On Thu, Feb 16, 2006 at 10:49:16AM -0800, Ian Clarke wrote: > So modifying the RSSK will allow us to add or remove people from the > revocation list?
Yep, but we will need enough people to sign the modification, depending on the original voting policy settings in the original RSSK. > > Ian. > > On 16 Feb 2006, at 09:51, Matthew Toseland wrote: > > >A revocable SSK is a form of security enhanced redirect. > > > >It has: > >- the redirect to the content you are trying to access > >- a list of trusted persons' SSKs > >- voting rules > > > >When accessing the RSSK, the client will automatically fetch each > >trusted person's SSK. Normally we will get a DNF on each of these. > >This > >indicates success, and the result is that the node will follow the > >redirect. However, the trusted persons may insert documents indicating > >some of the following actions, and depending on the voting rules, we > >will do: > >- Panic button. Revoke the SSK, block access to the site, await > >further > > input. One trustee is enough to cause this, (depending on the voting > > rules), but we check the others in case there is a false alarm or a > > disruptive or compromized trustee. Trustees can include a text > >message > > for the user. > >- Panic button with last known good site edition. > >- Modify the RSSK itself, i.e. redirect it (permanently) to a new key. > > This requires a supermajority. This lets us establish a new site > >after > > a key compromize, add a new trustee, or remove an existing trustee. > > > > > >This is slightly more functionality than I had expected, but it should > >be more than adequate for an official project freesite. Which, > >combined > >with mailing lists and version control over Freenet, can eventually > >form > >the basis for a trust infrastructure for development over Freenet. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060216/5d94faae/attachment.pgp>
