* Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-19 20:13:02]:

> Why?
1) new keytypes don't hurt

2) I'm still not convinced by the trustees system: the security of RSKs
resides in the ability for the 'client' to fetch a revocation
certificate.

The revocation has to be done BEFORE a client tries to fetch the key to
be effective: the obvious solution is to delay the fetch for some time.

Inserting the revocation certificate will take time... And will be worse
with trustees... I^we just need a basic way to revoke a key.

> 
> On Fri, May 19, 2006 at 09:11:57PM +0200, Florent Daignière (NextGen$) wrote:
> > * Matthew Toseland <toad at amphibian.dyndns.org> [2006-05-19 20:04:14]:
> > 
> > > On Fri, May 19, 2006 at 08:38:35PM +0200, Lars Juel Nielsen wrote:
> > > > 
> > > > I like the initial post but as Ian says it is overkill at least for
> > > > now. The problem is, how hard will it be to update it later to a
> > > > better solution if needed?
> > > > 
> > > > As far as I can see Matthew's proposal covers any possible case,
> > > > including the one Ian argues for being the most likely, which it
> > > > probably is too, but it's not 95% of all cases.
> > > 
> > > I'd prefer not to implement something that was way too simple, and have
> > > to complicate things later by keeping back-compatibility.
> > 
> > I don't think that having two kinds of revocation keys would hurt.
> > 
> > I do think we need some kind of revocable USK soon, ... a simple thing:
> > no trustees nor "new key". Just something to advertise that the key has
> > been blown and that the user has to look for a new one by "other means".
> > 
> > > 
> > > But I don't see that it's a really urgent problem anyway; update from
> > > the web site does work, this is more of a strategic question. Certainly
> > > good to have for 0.7.0, but it's not necessary to have it for next week.
> > > Not that I'm saying it would take a week to implement. But I don't see
> > > any reason to implement something which is below the minimum which would
> > > be necessary to be used by FPI for auto-updating and a project freesite.
> 
> 
> 
> > _______________________________________________
> > Devl mailing list
> > Devl at freenetproject.org
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
> 
> -- 
> Matthew J Toseland - toad at amphibian.dyndns.org
> Freenet Project Official Codemonkey - http://freenetproject.org/
> ICTHUS - Nothing is impossible. Our Boss says so.


