[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Dealing with lost key
From: |
Timothy Brownawell |
Subject: |
Re: [Monotone-devel] Dealing with lost key |
Date: |
Sun, 18 Jan 2009 02:29:48 +0000 |
On Sat, 2009-01-17 at 15:05 -0800, dlakelan wrote:
> Timothy Brownawell wrote:
> > On Thu, 2009-01-15 at 14:19 -0800, dlakelan wrote:
> >> I've lost a key which has been used to certify a variety of things in
> >> one project. I've generated a new key, and now I'd like to replace all
> >> the old certificates with new certificates from the new key, and have my
> >> collaborators do the same... so we don't get a lot of warnings about
> >> incorrect certs. How can I do this?
> >
> > There's no simple way to replace certs like that, the easiest solution
> > is to just keep them and make sure the new key has a different name.
> ...
> > If you really do need to delete the old certs and generate new ones,
> > something along these lines would probably work (not tested, may ruin
> > your db)...
> ....
>
> Thanks for your suggestions. I think we will simply keep the old public
> key and certs.
>
> If there is no way to invalidate a key, then it seems difficult to deal
> with a security issue such as when a key is compromised and that key may
> be signing malicious code which collaborators are unaware of... for example.
>
> From a security standpoint, it seems to me that monotone should have a
> way to at the very least, expire trust in a key.
Currently the only way to do that is with the get_revision_cert_trust
lua hook,
http://monotone.ca/docs/Hooks.html#Trust-Evaluation-Hooks
which will have to be set up by everyone. (Yes, we know this isn't
ideal.)
> Also, if asked to generate a new key, monotone should refuse if that key
> name is already known to monotone, unless some kind of
> --force-overwrite-key switch is given...perhaps it already does?
It does.
> Finally, the documentation should stress the fact that two keys with the
> same name are not supported...
...I guess this would go in the Conecpts => Certificates section (1.4).
> and it seems to me that it should be
> possible within monotone to ask it to drop signatures and to re-sign
> certificates with a new key.
Dropping anything really doesn't work with our architecture. If *anyone*
forgets to drop it, it will come back next time that person syncs.
> Thanks to the monotone developers for a very nice revision control system!
> Dan
:)
- [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/15
- Re: [Monotone-devel] Dealing with lost key, Timothy Brownawell, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key,
Timothy Brownawell <=
- Re: [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/17
- Re: [Monotone-devel] Dealing with lost key, Brian May, 2009/01/18
- Re: [Monotone-devel] Dealing with lost key, Ethan Blanton, 2009/01/18
- Re: [Monotone-devel] Dealing with lost key, dlakelan, 2009/01/21
- Re: [Monotone-devel] Dealing with lost key, Ethan Blanton, 2009/01/22