[Monotone-devel] Re: key-management problem

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Monotone-devel] Re: key-management problem

From:	Peter Simons
Subject:	[Monotone-devel] Re: key-management problem
Date:	16 Jun 2005 20:16:38 +0200

Bruce Stephens writes:

 > Now I come to think of it, this is likely to be tricky.

I thought so. :-(

For what it's worth, I think having _some_ procedure to deal with
this case would be very beneficial. Users _will_ lose secret keys
(or forget their pass phrase), and then they'll want to generate
a new key with the same ID string without losing their prior
work. As it is now, that seems to be impossible.

Another question are key poisoning attacks. Let's say that I can
push keys and certificates into the venge.net repository, and
let's say that I upload a key <address@hidden> plus dozens
of patches that are signed with it. Now what happens when the
_legitimate_ owner of that e-mail address ever creates a key?

Peter

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] key-management problem, Peter Simons, 2005/06/16
- [Monotone-devel] Re: key-management problem, Bruce Stephens, 2005/06/16
  - [Monotone-devel] Re: key-management problem, Peter Simons, 2005/06/16
    - [Monotone-devel] Re: key-management problem, Bruce Stephens, 2005/06/16
    - [Monotone-devel] Re: key-management problem, Bruce Stephens, 2005/06/16
    - [Monotone-devel] Re: key-management problem, Peter Simons <=
    - Re: [Monotone-devel] Re: key-management problem, Matt Johnston, 2005/06/17
    - [Monotone-devel] Re: key-management problem, Bruce Stephens, 2005/06/22

Prev by Date: [Monotone-devel] Re: key-management problem
Next by Date: [Monotone-devel] cvs_import crash
Previous by thread: [Monotone-devel] Re: key-management problem
Next by thread: Re: [Monotone-devel] Re: key-management problem
Index(es):
- Date
- Thread