|
From: | Brian May |
Subject: | Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL |
Date: | Mon, 20 Oct 2008 12:34:37 +1100 |
User-agent: | Thunderbird 2.0.0.17 (X11/20080925) |
Robert White wrote:
The assumption is that for any email address, there will only ever be one key. If this assumption was true, I suspect your issue wouldn't be a problem.In my humble opinion I don't find the use of email address to key id to be an issue. It makes reasonable sense and it is memorable and meaningful to all the users.
Unfortunately it is not a valid assumption, and there a number of different reasons why one email address might have more then one key. Examples I can think of right now include:
* key is compromised, so user needs to get a new key to sign in new commits (trusting old commits is another issue). * different security requirements on different computers. For example you might want to use monotone on same projects on a shared laptop, which isn't secure enough for other projects, so you create two keys, one for the laptop, one for the desktop. * ability to revoke key from laptop computer if laptop becomes stolen but continue using other key from desktop. Brian May
[Prev in Thread] | Current Thread | [Next in Thread] |