Re: [Auth]Okay, so how about some code...

[John]

Perhaps I'm seeing something that isn't there?

> 5) bar encrypts the information with foo's public key. and "transmits" the
> data to bob to be redirected.

If bar is encrypting the data it retrieves from LCRS to send to Bob,
then the implication is that the data is stored unencrypted, else there
is no need to re-encrypt it? There's no spec here of how LCRS stores
data, but if it's based on LDAP, we should note that though one can
store encrypted data in LDAP, LDAP is not specifically designed to hide
metadata (ie the name of the data to be retrieved) from the sysadmin.

Hmmmm... hmmm... that give me another idea for Freport. A way to solve
the public terminal problem, maybe...

Anyhow, I'm just guessing from inference here. Maybe I'm missing
something also. Mason?

John Le'Brecage

Norbert Bollow wrote:
> 
> John Le'Brecage wrote:
> 
> > This still does not prevent the data or metadata from being mined by B,
> > which was another requirement of the DotGNU design. Wasn't it?
> 
> John is right.  Data mining must not be possible as long as
> people use software that is officially released by the DotGNU
> project.  I believe that this is a non-negotiable requirement.
> 
> But I don't understand Mason's design well enough to see whether
> this is indeed a problem with his approach... Mason, maybe you
> could clarify this?
> 
> Greetings, Norbert.
> 
> --
> A member of FreeDevelopers and the DotGNU Steering Committee: dotgnu.org
> Norbert Bollow, Weidlistr.18, CH-8624 Gruet   (near Zurich, Switzerland)
> Tel +41 1 972 20 59       Fax +41 1 972 20 69      http://thinkcoach.com
> Your own domain with all your Mailman lists: $15/month  http://cisto.com
> _______________________________________________
> Auth mailing list
> address@hidden
> http://subscribe.dotgnu.org/mailman/listinfo/auth