A revocable SSK is a form of security enhanced redirect. It has: - the redirect to the content you are trying to access - a list of trusted persons' SSKs - voting rules
When accessing the RSSK, the client will automatically fetch each trusted person's SSK. Normally we will get a DNF on each of these. This indicates success, and the result is that the node will follow the redirect. However, the trusted persons may insert documents indicating some of the following actions, and depending on the voting rules, we will do: - Panic button. Revoke the SSK, block access to the site, await further input. One trustee is enough to cause this, (depending on the voting rules), but we check the others in case there is a false alarm or a disruptive or compromized trustee. Trustees can include a text message for the user. - Panic button with last known good site edition. - Modify the RSSK itself, i.e. redirect it (permanently) to a new key. This requires a supermajority. This lets us establish a new site after a key compromize, add a new trustee, or remove an existing trustee. This is slightly more functionality than I had expected, but it should be more than adequate for an official project freesite. Which, combined with mailing lists and version control over Freenet, can eventually form the basis for a trust infrastructure for development over Freenet. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060216/f5e85e41/attachment.pgp>
