On Thu, Nov 30, 2006 at 12:24:27AM -0600, Timothy Brownawell wrote:
> On Thu, 2006-11-30 at 17:06 +1100, Brian May wrote:
> > What happens if a trusted developer's key becomes compromised
> > (e.g. laptop stolen) or the developer becomes untrustworthy
> > (e.g. fired)?
> >
> > Can you somehow say that old signatures are still valid, but new ones
> > aren't?
>
> Define "new" (monotone has no concept of time).
>
> The only way we really have is to take some other key (quite possibly
> specially generated for this, and then never used again), and reproduce
> all the certs that you do want to trust. (Well, you *could* give the
> trust hooks a list of all the known-good certs, but that gets really
> ridiculous really fast.)

The other way I know of is that when you revoke a key, you write down a
list of all the certs you want to continue trusting. (Similarly to how
when you grant trust to a key, you may want to write down a list of all
the old certs that you don't want to start trusting.) So trust rules
take the form of a default trust/don't trust setting, plus an explicit
list of exceptions.

-- Nathaniel

--
"But suppose I am not willing to claim that. For in fact pianos
are heavy, and very few persons can carry a piano all by themselves."

_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
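
Added example, not part of the original message and not monotone's trust-hook API: a Python model of the rule shape described in the reply above, a per-key default verdict plus an explicit list of exceptions, so that "new" means "not on the list written down at revocation" and no timestamps are needed. The Cert fields, key names and revision ids are assumptions made up for illustration.

```python
from dataclasses import dataclass
from typing import NamedTuple


class Cert(NamedTuple):
    """Simplified stand-in for a signed cert (hypothetical fields)."""
    signer: str    # name of the signing key
    revision: str  # id of the revision the cert is attached to
    name: str      # cert name, e.g. "branch"
    value: str     # cert value


@dataclass(frozen=True)
class KeyRule:
    default_trust: bool                  # verdict for certs not listed below
    exceptions: frozenset = frozenset()  # certs that get the opposite verdict

    def trusts(self, cert: Cert) -> bool:
        return self.default_trust != (cert in self.exceptions)


def revoke(keep_trusting):
    """Rule for a revoked key: distrust by default, except the listed certs."""
    return KeyRule(False, frozenset(keep_trusting))


def grant(do_not_trust=()):
    """Rule for a newly trusted key: trust by default, except the listed certs."""
    return KeyRule(True, frozenset(do_not_trust))


def is_trusted(rules, cert):
    """Keys with no rule at all are untrusted."""
    rule = rules.get(cert.signer)
    return rule is not None and rule.trusts(cert)


# Constructed sample data: key names and revision ids are made up.
OLD_GOOD = Cert("alice@example.org", "rev-0001", "branch", "project.main")
AFTER_THEFT = Cert("alice@example.org", "rev-0002", "branch", "project.main")
BOB_EARLY = Cert("bob@example.org", "rev-0003", "branch", "project.main")
BOB_LATER = Cert("bob@example.org", "rev-0004", "branch", "project.main")

RULES = {
    "alice@example.org": revoke(keep_trusting=[OLD_GOOD]),
    "bob@example.org": grant(do_not_trust=[BOB_EARLY]),
}

if __name__ == "__main__":
    for cert in (OLD_GOOD, AFTER_THEFT, BOB_EARLY, BOB_LATER):
        print(cert.signer, cert.revision, is_trusted(RULES, cert))
```

Any cert made with the revoked key after the list was written is rejected simply because it is absent from the exceptions.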