On Monday 03 November 2003 08:46 pm, Toad wrote: > > They don't have to be world writable. The node that has it writes to it. > > If it is under an SSK and is signed by that key, it can't do anything and > > get away with it. Then it enforces only allowing the other keys listed to > > append their own signed section, that consists of a time stamp, which > > signifies incrementing the version number by one. So there is no part of > > the key that cannot be verified to have come from the original publisher > > or someother person that they trust in incrementing it. Of course that > > other person could send hundreds of increment requests. (Although it > > would be easy to limit them to say one a minute or something) It would be > > obvious who was doing it, just from fetching the key, and then the > > original author could revoke their key. > > They have to be world writable *for frost*.
Well, for the most part you could just get away with a private board, that would add you to the list if you submitted your key to a write only board. However for some things you might want one that anyone with a key could update. So I suppose the author should be able to do that. Supposing they were restricted by the author (Specified in the TUK) to one message per minute, or something. Then a used could generate lots of keys and send lots of update messages to the board. That would be a problem. (Perhaps some sort of voting mechanism where if so many people say it does not work it gets reverted?) Or you could just have an SSK anarchy sort of thing where everyone uses a single secondary key. None the less people could flood boards now, it's just that the software stops requesting keys if they don't seem to be there or get tagged as spam or blocked by the user. We could just do the same thing. Then worst case scenario, we have what we have now. _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
