Re: [Monotone-devel] Monotone Security


From: Daniel Carrera
Subject: Re: [Monotone-devel] Monotone Security
Date: Thu, 16 Oct 2008 21:12:35 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)

Zack Weinberg wrote:
> I used the terms "sender" and "recipient" deliberately; as Ethan says
> downthread, the server itself is not a trusted entity in this
> architecture.  Or, more precisely, security decisions are intended to
> be made at checkout time, not at propagation time.

Ok. But as I just said to Ethan, I was thinking about one specific threat. In that page I wrote, I mention other threats where the server is the bad guy (sender).

Your example about the BSDs was interesting though. I had not thought of a scenario like that, where the server is actually /supposed/ to have untrusted code (e.g. FreeBSD code which is untrusted by OpenBSD).

> Make more sense now?

I think we are on the same wavelength. You gave a good example where the security check really belongs at checkout time and not at propagation time. Please keep in mind that I was thinking about one specific attack. I was not intending to speak in the abstract.

Daniel.




