
Re: Restricted storage


From: Bas Wijnen
Subject: Re: Restricted storage
Date: Thu, 1 Jun 2006 10:02:48 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Thu, Jun 01, 2006 at 02:58:17AM +0200, Pierre THIERRY wrote:
> Scribit Bas Wijnen dies 01/06/2006 hora 00:49:
> > (Intentional side-effect is that storage which is given to some other
> > user cannot be checked for opaqueness.  This can be "fixed", but I'd
> > rather not do that if possible.)
> 
> Then just don't bother to implement opaque storage and let users take
> care of it on a social basis. Unverifiable opaque storage is of no use,
> or I didn't understand its purpose.

In case of encryption keys, the idea is that even the user doesn't need access
to the private part (except through a well-defined interface which doesn't
expose the private keys themselves, that is signing and decrypting), and that
must not be exposed to the world, not even by accident.

An accident includes compromising the user's shell, by the way.  So this
means nobody, not even the user himself, must be able to read that data.
However, there is no need to verify this: the user knows that he can't read it
(and in fact can verify this by trying), and that's enough.  It's obvious that
nobody else can read it, so no verification is needed for that either.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
