On Fri, May 19, 2006 at 09:21:35PM +0200, Florent Daignière (NextGen$) wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-19 20:13:02]:
>
> > Why?
> 1) new keytypes don't hurt
>
> 2) I'm still not convinced by the trustees system : The security of RSKs
> resides in the ability for the 'client' to fetch a revocation
> certificate.
>
> The revocation has to be done BEFORE a client tries to fetch the key to
> be effective : the obvious solution is to delay the fetch for some time.

We will need a lot more than RSKs to properly secure the development and
deployment system on freenet, I have written several mails on this in
the past.

>
> Inserting the revocation certificate will take time... And will be worse
> with trustees... I^we just need a basic way to revoke a key.

Why would it be worse? How can traceability of revocations possibly be a
bad thing? The user will be alerted on seeing even one revocation cert.
But if there is a real problem, more than one trustee will insert. And
it is not possible to revoke keys without a revocation cert of some
sort.

>
> >
> > On Fri, May 19, 2006 at 09:11:57PM +0200, Florent Daignière (NextGen$)
> > wrote:
> > > * Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-19 20:04:14]:
> > >
> > > > On Fri, May 19, 2006 at 08:38:35PM +0200, Lars Juel Nielsen wrote:
> > > > >
> > > > > I like the initial post but as Ian says it is overkill at least for
> > > > > now. The problem is, how hard will it be to update it later to a
> > > > > better solution if needed?
> > > > >
> > > > > As far as I can see Matthew's proposal covers any possible case,
> > > > > including the one Ian argument for being the most likely which is
> > > > > probably is too, but it's not 95% of all cases.
> > > >
> > > > I'd prefer not to implement something that was way too simple, and have
> > > > to complicate things later by keeping back-compatibility.
> > >
> > > I don't think that having two kinds of revocation keys would hurt.
> > >
> > > I do think we need some kind of revocable USK soon, ... a simple thing:
> > > no trustees nor "new key". Just something to advertise that the key has
> > > been blown and that the user has to look for a new one by "other means".
> > >
> > > >
> > > > But I don't see that it's a really urgent problem anyway; update from
> > > > the web site does work, this is more of a strategic question. Certainly
> > > > good to have for 0.7.0, but it's not necessary to have it for next week.
> > > > Not that I'm saying it would take a week to implement. But I don't see
> > > > any reason to implement something which is below the minimum which would
> > > > be necessary to be used by FPI for auto-updating and a project freesite.
> > >
> > >
> > > _______________________________________________
> > > Devl mailing list
> > > Devl at freenetproject.org
> > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
> >
> > --
> > Matthew J Toseland - toad at amphibian.dyndns.org
> > Freenet Project Official Codemonkey - http://freenetproject.org/
> > ICTHUS - Nothing is impossible. Our Boss says so.

--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
