erik wrote:
> i'm not sure i understand. either you have the key (score)
> and you can decrypt the whole cyphertext (read the file tree
> below), or you don't. assuming of course that scores are too
> hard to guess. so the solution is: don't give out the root score.

my read on the utility of rog's proposal is that you could then pre-exchange the crypto key via secure channel (real live handoff or whatnot) and then send root scores around freely over things like email. unauthorized parties reading your email then don't get your venti data. the scheme has the advantage of being minimally intrusive, but it does seem to be like putting the fix in the wrong place. i'd rather see an authenticated connection mechanism, which would likely require more changes (how do you store accounts and credentials? how do you feed them to things like a fossil at boot?), but would have the same benefits and more (i'd like to provide some clients read-only access, for example).