Jack Lloyd wrote:
Regardless of whether this stops the DOS attack or not, I think that it is
important that the dates on the certificates be trustworthy.
That is really really hard. In fact it seems pretty much impossible,
especially for backdating. That's because there does not seem to be
any obvious way to distinguish between a certificate that I signed a
long time ago, and you are now just seeing (due a sync/push), and one
that I just now intentionally and maliciously backdated.
I think in Monotone is it more useful to reason about causality using
the explicit revision graph rather than try to bring trusted global
clocks into it.
Reasoning about causality would go a long way: Never trust a revision
that is dated earlier than its parent. And it appears to address the
specific DOS attacks that Peter found.
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel