So modifying the RSSK will allow us to add or remove people from the revocation list?
Ian. On 16 Feb 2006, at 09:51, Matthew Toseland wrote: > A revocable SSK is a form of security enhanced redirect. > > It has: > - the redirect to the content you are trying to access > - a list of trusted persons' SSKs > - voting rules > > When accessing the RSSK, the client will automatically fetch each > trusted person's SSK. Normally we will get a DNF on each of these. > This > indicates success, and the result is that the node will follow the > redirect. However, the trusted persons may insert documents indicating > some of the following actions, and depending on the voting rules, we > will do: > - Panic button. Revoke the SSK, block access to the site, await > further > input. One trustee is enough to cause this, (depending on the voting > rules), but we check the others in case there is a false alarm or a > disruptive or compromized trustee. Trustees can include a text > message > for the user. > - Panic button with last known good site edition. > - Modify the RSSK itself, i.e. redirect it (permanently) to a new key. > This requires a supermajority. This lets us establish a new site > after > a key compromize, add a new trustee, or remove an existing trustee. > > > This is slightly more functionality than I had expected, but it should > be more than adequate for an official project freesite. Which, > combined > with mailing lists and version control over Freenet, can eventually > form > the basis for a trust infrastructure for development over Freenet. > -- > Matthew J Toseland - toad at amphibian.dyndns.org > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so. > _______________________________________________ > Tech mailing list > Tech at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech
