[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Security is hard. Let's work on policy branches any
From: |
Nathaniel J. Smith |
Subject: |
Re: [Monotone-devel] Security is hard. Let's work on policy branches anyway. |
Date: |
Tue, 23 Jan 2007 01:56:15 -0800 |
User-agent: |
Mutt/1.2.5.1i |
On Tue, Jan 23, 2007 at 01:10:30PM +1100, Brian May wrote:
> >>>>> "Timothy" == Timothy Brownawell <Timothy> writes:
>
> Timothy> You don't identify the key by a human-readable
> Timothy> name. Instead, you identify it by its hash, and there's a
> Timothy> users/ section in the policy tree that maps the hash to
> Timothy> something human-readable for UI purposes. So you rename
> Timothy> the lost key, and add the new one (maybe even with the
> Timothy> same name).
>
> Unfortunately, as currently implemented, get_netsync_read_permitted
> and get_netsync_write_permitted (and probably others), use the
> human-readable name, not the hash.
>
> In fact, according to the documentation, what you describe cannot
> happen, as it is not possible to have more then one key share the same
> human readable name:
Yes, emphasis on "as currently implemented" :-).
All this discussion is design work for the rewrite of all of
monotone's security stuff, because as you note, the current stuff is
really limited.
-- Nathaniel