Lapo Luchini wrote:
> OK, using (the same) e-mail addresses in different keys may pose
> additional hurdles, but why use e-mail addresses in the first place?

You need to use email addresses in order to answer the question "Who
signed this revision?"

Unfortunately, what we have is a poor solution, because you have to
trust that the key id (email address) in your database points to the correct key.

I could imagine setting up a database with false email addresses for the
keys, so anybody who syncs from my database gets these keys and may get
misled as to who made the changes. As far as I am aware there isn't any
user-visible way at the moment to test that two keys are the same; we rely on
the keyid, which could be falsified. There is also no way to tell what key
signed a particular revision, apart from its keyid.

The only part of this I am not sure of is how monotone behaves if it
notices a keyid has a different key during a sync operation.

Using hashes as the keyid solves this, because there can only be one
hash for a given key, and the probability of generating another key that
happens to share the same hash (if using a good hash algorithm) is very low.

Then the next part required would be some way of securely mapping the
key id to a user - there are a number of different ways this could be
done. Once we use hashes for keyids, that is.

Brian May
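
Added example, not part of the original message and not monotone's code: a minimal comparison of a key store indexed by name with one indexed by a hash of the key, showing what each can tell you when a sync delivers two different keys under one e-mail address. The class names, the use of SHA-256 and the sample keys are assumptions made for illustration.

```python
import hashlib

def key_hash(pubkey: bytes) -> str:
    # Id derived from the key material itself (SHA-256 is an assumption here).
    return hashlib.sha256(pubkey).hexdigest()

class NameKeyedStore:
    """Keys indexed by a free-form name such as an e-mail address."""
    def __init__(self):
        self.keys = {}
    def merge(self, name, pubkey):
        known = self.keys.get(name)
        if known is None:
            self.keys[name] = pubkey      # first key seen under a name is accepted
            return "added"
        return "unchanged" if known == pubkey else "conflict"

class HashKeyedStore:
    """Keys indexed by their hash; names are only unverified labels."""
    def __init__(self):
        self.keys = {}    # key hash -> key bytes
        self.labels = {}  # key hash -> set of claimed names
    def merge(self, name, pubkey):
        kid = key_hash(pubkey)
        self.keys[kid] = pubkey
        self.labels.setdefault(kid, set()).add(name)
        return kid
    def ambiguous_names(self):
        by_name = {}
        for kid, names in self.labels.items():
            for name in names:
                by_name.setdefault(name, set()).add(kid)
        return {n: sorted(k) for n, k in by_name.items() if len(k) > 1}

# Constructed sample data: placeholder byte strings stand in for public keys.
REAL_KEY, OTHER_KEY = b"constructed-public-key-A", b"constructed-public-key-B"
NAME = "alice@example.org"

def demo():
    by_name = NameKeyedStore()
    first = by_name.merge(NAME, OTHER_KEY)   # fresh database: nothing to compare with
    second = by_name.merge(NAME, REAL_KEY)   # only a later sync reveals the clash
    by_hash = HashKeyedStore()
    ids = {by_hash.merge(NAME, REAL_KEY), by_hash.merge(NAME, OTHER_KEY)}
    return first, second, len(ids), by_hash.ambiguous_names()

if __name__ == "__main__":
    print(demo())
```

The hash-indexed store keeps both keys apart and can list the name as ambiguous; binding a hash to a real person still needs a separate, trusted mapping.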