On Tue, Apr 11, 2006 at 10:25:11AM +0200, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Tue, 11 Apr 2006 09:31:07 +0200, Tom > Koelman <[EMAIL PROTECTED]> said: > > tkoelman> > It's yucky, but necessary when history gets rebuilt. > tkoelman> > tkoelman> I understand that. It would be very pleasant though, when > tkoelman> given a collection of private keys, the conversion process > tkoelman> would try to keep as much certificate keys original as > tkoelman> possible. > > Uhmm, do you really hold all the needed *private* keys, or just your > own? I dunno about you, but if it was my project, I wouldn't want to > have my fellow developpers' private keys.
While it's still not clear to me why everything needs to be re-signed, I am resigned to the new reality. Maybe, when everything has to be recertified because of a change in the way things are certified, what we need is a new-style certificate that certifies that the object had been properly certified. That wat the new certificate could be signed by a new signer and contain the information that the original one had been signed by whoever signed it. This decouples somewhat the identity of the person responsible for the original content from trust in the person signing the new ceriticate. -- hendrik _______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
