[Monotone-devel] Re: How to get the newest cert beginning with a certain

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: How to get the newest cert beginning with a certain

From:	graydon hoare
Subject:	[Monotone-devel] Re: How to get the newest cert beginning with a certain substring?
Date:	Wed, 02 Feb 2005 16:11:09 -0500
User-agent:	Mozilla Thunderbird 1.0 (X11/20041206)

Derek Scherger wrote:

Currently each revision has (or should probably have) at least 4 certs:

    - date
    - author
    - changelog
    - branch
If date and author were added to each cert this could be reduced to 2certs:
    - changelog
    - branch
and there was some talk on irc recently about how much space all thesecerts consume due to their cryptographic signatures. Perhaps reducingthe cert count by adding date and author info to each cert could helpwith this problem too?


hm. so then you would have

[id, name, value, author, date, signer,
 sig(id|name|value|author|date|signer)]

as the cert? I'm not sure.. in a sense that couples things more, but ina sense it decouples them. it means for example that I can "sign" thefact that njs says a rev should be in a branch. maybe that's true -- itexpresses what happens in a rebuild much more accurately for example --but it makes the trust rule evaluation a bit trickier. what happens ifyou trust me but not njs? what if you trust njs but not me? hm. perhapsnot too tricky. it probably just means


  function trust(cert)
    return trust_signer(cert.signer) &&
           trust_author(cert.author)
  end

an additional thought occurs to me though: considering that you'retalking about decoupling the person who made the assertion from theperson who signed it, might you also want to decouple the date theassertion was made from the date it was signed? i.e.


[id, name, value,
 author, assertion-date,
 signer, signing-date,
 sig(id|name|value|author|assertion-date|signer|signing-date)]

I know that looks longer, but by eliminating the extra signatures fromdate and author certs (and storing dates and authors non-base64-encoded)it would be both less database space and much more efficient for somethings. I can see this having definite benefits. I'm just a bit worriedabout the semantics.

while we're at it, it might be worth throwing in an algorithm name,since I've been playing with importing gpg keys recently, and most ofthose are pre-RSA patent expiry, so elgamal/DSA.


-graydon

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] How to get the newest cert beginning with a certain substring?, Christof Petig, 2005/02/02
- Re: [Monotone-devel] How to get the newest cert beginning with a certain substring?, Christof Petig, 2005/02/02
- Re: [Monotone-devel] How to get the newest cert beginning with a certain substring?, Derek Scherger, 2005/02/02
  - [Monotone-devel] Re: How to get the newest cert beginning with a certain substring?, graydon hoare <=
    - Re: [Monotone-devel] Re: How to get the newest cert beginning with a certain substring?, Derek Scherger, 2005/02/02
- Re: [Monotone-devel] How to get the newest cert beginning with a certain substring?, Nathaniel Smith, 2005/02/02
  - Re: [Monotone-devel] How to get the newest cert beginning with a certain substring?, Christof Petig, 2005/02/03

Prev by Date: Re: [Monotone-devel] Invariant Failure while Merging
Next by Date: Re: [Monotone-devel] Concern about LUA & suggestions for command line output
Previous by thread: Re: [Monotone-devel] How to get the newest cert beginning with a certain substring?
Next by thread: Re: [Monotone-devel] Re: How to get the newest cert beginning with a certain substring?
Index(es):
- Date
- Thread