[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Restricted storage

From: Bas Wijnen
Subject: Re: Restricted storage
Date: Thu, 1 Jun 2006 17:39:03 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Thu, Jun 01, 2006 at 05:18:17AM -0400, Jonathan S. Shapiro wrote:
> > It's obvious that nobody else can read it, so no verification is needed
> > for that either.
> Statements of the form "It's obvious that..." have absolutely no place
> in engineering design discussions. Either there is a principled argument
> that can and should be clearly stated, or it really isn't obvious.

Ok.  I am a user.  I have confidence that the machine works, in particular the
TCB.  I ask the TCB to give me, and nobody else, some opaque storage.  I get
storage from the TCB.

How is it not obvious that nobody else can read this storage?  The only weak
point in the argument in my trust in the TCB, but I'm going to need that, no
matter how I design it.


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]