On Wed, Oct 12, 2005 at 10:36:15AM +0200, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Tue, 11 Oct 2005 23:52:12 -0700, Nathaniel > Smith <[EMAIL PROTECTED]> said: > njs> In monotone's case, though, we actually use the signatures for > njs> something a bit different, so I think different mechanisms end up > njs> being called for. Version control inherently revolves around > njs> long-term immutable archival. It's just not right that old > njs> versions of your tree disappear from a branch, because the person > njs> who committed them left the project now... > > I think you're operating under some false assumptions. Just because a > certificate was revoked yesterday, it doesn't mean that a signature > made a week ago suddenly becomes invalid. All that's needed is to > attach a datetime to the thing being signed before signing it, and > compare that to the revokation datetime to know if the signature is to > be regarded as valid or not.
I don't understand -- Alice writes out a cert saying "in June, I say version da39 is good". Then her cert gets revoked with a July timestamp. So Bob trusts the cert that says "in June, ...", because June < July. Then in December Mallory comes along, with his cracked copy of Alice's old key, and writes out a cert saying "in June, I say version 0123 is good". So Bob trusts _that_ cert too... More generally, we don't have reliable date-time -- even if we could somehow force people to not outright lie about times, we don't have a centralized clock they could use (and should not add such a requirement). -- Nathaniel -- "But in Middle-earth, the distinct accusative case disappeared from the speech of the Noldor (such things happen when you are busy fighting Orcs, Balrogs, and Dragons)." _______________________________________________ Monotone-devel mailing list Monotone-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/monotone-devel