>From "Mark J. Roberts" <[EMAIL PROTECTED]>
>I assumed you insert them like
>
> InsertClient -createUpdate yes KSK@asdf
>
>which inserts a redirect like
>
> Redirect
> increment=86400
> baseline=20000101000000
> End
> freenet:KSK@asdf
>
>which equals freenet:KSK@20001231000000-asdf. Now I see that if I add a
>-redirect option that can redirect to a SSK instead.
>
>But I don't know if that's a good idea because we want the redirect to be
>in the same SSK as the files so it can be securely linked to. Oskar, what
>do you think? Should we ban inserting these under KSKs so there's a
>guaranteed way to securely link to them? It would be very bad if everyone
>inserted these directly under KSKs, which I think they will. Having an
>extra redirect for people using the KSK (KSK@asdf -> SSK@blah/asdf ->
>SSK@blah/20001231000000-asdf) wouldn't be terrible. And after the first
>time the extra delay would be almost imperceptible.
>
A problem with banning date-redirects in KSKs is that it would requrire the
SSKs private key to redirect into that SSK. Being able to redirect into
someone else's SSK is useful functionality we probably don't want to forbid.
But you're right, putting a date redirect to an SSK in a KSK is usually the
wrong thing to do.
--
Benjamin Coates
_______________________________________________
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
