Encrypted Repositories?

Jonathan S. Shapiro shap at eros-os.com
Thu Sep 6 22:14:44 CDT 2007

On Thu, 2007-09-06 at 21:08 -0500, Ryan Michael wrote:
> That's some very interesting stuff.  I didn't take enough time to
> actually understand the math, but the system behavior is really cool.
> I'm not sure if it would apply here though.  He's describing a system
> in which a hierarchical group of people generate secret keys in such a
> way that each member of the group can determine the keys of any
> members below them in the hierarchy.  He doesn't really allow key
> revocation, so much as he allows keys to be issued for a specific time
> period.  It's more like key expiration than revocation.

Hmm. Yes, that rings a bell. I must have been thinking of some other
work then.

> Your criticism of my thread-model ambiguity is correct.  My real
> interest is being able to push and pull changes to a backup server and
> have the backup server be secure.  The basic threat would be someone
> gaining unauthorized access to the server - either a hacker or
> malicious sysadmin.

This is now a third and completely different requirement. This one can
be accomplished in a reasonably satisfactory way with a change hook that
makes a tarball of the repo, encrypts it, and ships it.

I'm really not trying to be obnoxious. It's just that we're not going to
understand the solution until we understand the question.
Jonathan S. Shapiro
Managing Director
The EROS Group, LLC
www.coyotos.org, www.eros-os.org

More information about the Mercurial-devel mailing list