In message <[EMAIL PROTECTED]> on Wed, 12 Oct 2005 08:55:09 -0700, Nathaniel Smith <[EMAIL PROTECTED]> said:
njs> I don't understand -- Alice writes out a cert saying "in June, I njs> say version da39 is good". Then her cert gets revoked with a njs> July timestamp. So Bob trusts the cert that says "in June, ...", njs> because June < July. Then in December Mallory comes along, with njs> his cracked copy of Alice's old key, and writes out a cert saying njs> "in June, I say version 0123 is good". So Bob trusts _that_ cert njs> too... Others noted this too, and of course, it would mean we would need to be able to find trustable time somewhere, which is usually a trustable time server. However, come to think of it, the time issue is really not much of an issue, as long as revokation can be checked. It doesn't matter if Eve or Mallory can make signatures at any time or with any date, because to spread their work, they will need to make it available throught netsync, and since that's signed with their key, they would be stopped from spreading their work from the point of revokation on. It would mean that whatever they did between their last push/pull/sync and the point of revokation is lost, but that's true as well if you, as a server administrator, decide to remove their public key from the server database in the current implementation. I'm sure there are some corner cases that would still have to be thought through. Cheers, Richard ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis _______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
