On Fri, Mar 25, 2011 at 10:38 PM, Alec Warner wrote:
> Coming back around to the earlier discussion of Alice who has her key
> signed by robbat2 (because he loves keysigning parties) and then Alice
> breaks into cvs.gentoo.org and commits evil code into the tree.  If we
> cannot stop this attack because we are relying on a chain of trust
> (and Alice is in the chain) can we at least detect the attack?

Verifying identity isn't the same as listing who we trust. This is the
point Robin is making when he says he wants to list all trusted keys
in LDAP. From there, we could create a file signed by an infra "tree
key" and keep only the trusted keys in it.
-mike
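
The distinction the thread draws, between a key whose owner's identity has been vouched for (web of trust) and a key that is actually authorized to commit (an allowlist signed by an infra "tree key"), as an added example that is not part of the original mail or of Gentoo's infrastructure code. Ed25519 signatures and a SHA-256 prefix stand in for GPG keys and fingerprints, the seeds are constructed for the demo, and the names `Keyring`, `TrustedList` and `CheckCommit` are this example's own. Alice's key is certified by robbat2 and so passes the identity check, but her commit is still flagged because her fingerprint is absent from the tree-key-signed list:

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Fingerprint stands in for a GPG fingerprint: a SHA-256 prefix of the public key bytes.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

type certification struct {
	Signer ed25519.PublicKey
	Sig    []byte // signature over the subject's public key bytes
}

// Keyring records identity certifications ("key X was signed by key Y"),
// i.e. the web-of-trust side of the question.
type Keyring struct {
	Introducers []ed25519.PublicKey          // keys whose certifications we accept (e.g. robbat2)
	Certs       map[string][]certification  // subject fingerprint -> certifications
}

func pubOf(p ed25519.PrivateKey) ed25519.PublicKey { return p.Public().(ed25519.PublicKey) }

// Certify is what happens at a keysigning party: signer vouches for subject's identity.
func (k *Keyring) Certify(signer ed25519.PrivateKey, subject ed25519.PublicKey) {
	if k.Certs == nil {
		k.Certs = map[string][]certification{}
	}
	fp := Fingerprint(subject)
	k.Certs[fp] = append(k.Certs[fp], certification{pubOf(signer), ed25519.Sign(signer, subject)})
}

// IdentityVerified answers only "does a trusted introducer vouch for this key?".
func (k *Keyring) IdentityVerified(pub ed25519.PublicKey) bool {
	for _, c := range k.Certs[Fingerprint(pub)] {
		for _, intro := range k.Introducers {
			if intro.Equal(c.Signer) && ed25519.Verify(c.Signer, pub, c.Sig) {
				return true
			}
		}
	}
	return false
}

// TrustedList is the file the mail proposes: committer fingerprints signed by the infra tree key.
type TrustedList struct {
	Body string // newline-separated fingerprints
	Sig  []byte
}

func SignTrustedList(treeKey ed25519.PrivateKey, fps []string) TrustedList {
	body := strings.Join(fps, "\n")
	return TrustedList{Body: body, Sig: ed25519.Sign(treeKey, []byte(body))}
}

// Authorized answers the separate question "is this key on the signed list?".
// A list whose tree-key signature fails authorizes nobody.
func Authorized(treePub ed25519.PublicKey, list TrustedList, pub ed25519.PublicKey) bool {
	if !ed25519.Verify(treePub, []byte(list.Body), list.Sig) {
		return false
	}
	for _, fp := range strings.Split(list.Body, "\n") {
		if fp == Fingerprint(pub) {
			return true
		}
	}
	return false
}

type Commit struct {
	Msg    string
	Signer ed25519.PublicKey
	Sig    []byte
}

func SignCommit(priv ed25519.PrivateKey, msg string) Commit {
	return Commit{Msg: msg, Signer: pubOf(priv), Sig: ed25519.Sign(priv, []byte(msg))}
}

// Verdict separates the three checks so a monitor can see *why* a commit was flagged.
type Verdict struct{ ValidSig, IdentityOK, Authorized bool }

func CheckCommit(kr *Keyring, treePub ed25519.PublicKey, list TrustedList, c Commit) Verdict {
	return Verdict{
		ValidSig:   ed25519.Verify(c.Signer, []byte(c.Msg), c.Sig),
		IdentityOK: kr.IdentityVerified(c.Signer),
		Authorized: Authorized(treePub, list, c.Signer),
	}
}

// keyFromSeed derives deterministic demo keys; the seeds are constructed, not real keys.
func keyFromSeed(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte("demo-seed:" + label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Scenario replays the thread: robbat2 certifies Alice and Bob, but only Bob is on the tree list.
func Scenario() (alice, bob Verdict) {
	tree, robbat2 := keyFromSeed("infra-tree-key"), keyFromSeed("robbat2")
	aliceKey, bobKey := keyFromSeed("alice"), keyFromSeed("bob")
	kr := &Keyring{Introducers: []ed25519.PublicKey{pubOf(robbat2)}}
	kr.Certify(robbat2, pubOf(aliceKey))
	kr.Certify(robbat2, pubOf(bobKey))
	list := SignTrustedList(tree, []string{Fingerprint(pubOf(bobKey))})
	alice = CheckCommit(kr, pubOf(tree), list, SignCommit(aliceKey, "constructed commit A"))
	bob = CheckCommit(kr, pubOf(tree), list, SignCommit(bobKey, "constructed commit B"))
	return alice, bob
}

func main() {
	alice, bob := Scenario()
	fmt.Printf("alice: %+v\nbob:   %+v\n", alice, bob)
}
```

Alice's verdict comes back with `IdentityOK` true and `Authorized` false, which is exactly the signal a tree monitor would alert on; Bob passes all three. Because `Authorized` refuses any list whose tree-key signature does not verify, editing the list to add a fingerprint without the tree key turns every commit into an unauthorized one rather than silently widening the allowlist.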
