Re: Restricted storage
From: Marcus Brinkmann
Subject: Re: Restricted storage
Date: Thu, 01 Jun 2006 12:40:54 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Thu, 1 Jun 2006 10:02:48 +0200,
Bas Wijnen <address@hidden> wrote:
>
> On Thu, Jun 01, 2006 at 02:58:17AM +0200, Pierre THIERRY wrote:
> > Scribit Bas Wijnen dies 01/06/2006 hora 00:49:
> > > (Intentional side-effect is that storage which is given to some other
> > > user cannot be checked for opaqueness. This can be "fixed", but I'd
> > > rather not do that if possible.)
> >
> > Then just don't bother to implement opaque storage and let users take
> > care of it on a social basis. Unverifiable opaque storage is of no use,
> > or I didn't understand its purpose.
>
> In case of encryption keys, the idea is that even the user doesn't need access
> to the private part (except through a well-defined interface which doesn't
> expose the private keys themselves, that is signing and decrypting), and that
> must not be exposed to the world, not even by accident.

For that reason I have some of my encryption keys on a smart card, on
which they were generated (the OpenPGP smart card). Smart cards give
me the advantages of opaque storage that I care about, while reducing
the risks that I see in it to a bare minimum.

In fact, if I were not so lazy, I probably would have generated the
key on an off-line computer, and then uploaded it to the card while
storing a print-out of the secret key in a secure place. That would
be even better, but my needs are rather modest so I didn't.

Thanks,
Marcus