Re: [Monotone-devel] Monotone Security

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Monotone Security

From:	Daniel Carrera
Subject:	Re: [Monotone-devel] Monotone Security
Date:	Thu, 16 Oct 2008 20:59:57 +0200
User-agent:	Thunderbird 2.0.0.17 (Macintosh/20080914)

Ethan Blanton wrote:

All security has to go in the *recipient*, because the
sender could be completely malicious.
Of course. Every check I have suggested has been server-side(recipient). The client (sender) is completely malicious.
The server isn't (necessarily) a trusted entity.  When you grok that,
perhaps your positions will change.  :-)

Well... there is some context here. We are talking about a specificattack. There are other attacks where the server is the bad guy (e.g. amalicious attacker with root access). The page I wrote also includesthreats where the server is the bad guy.


Daniel.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Monotone-devel] Monotone Security, (continued)

Prev by Date: Re: [Monotone-devel] Re: dates in monotone
Next by Date: Re: [Monotone-devel] Monotone Security
Previous by thread: Re: [Monotone-devel] Monotone Security
Next by thread: Re: [Monotone-devel] Monotone Security
Index(es):
- Date
- Thread