[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Challenge: Confinement

From: Christian Stüble
Subject: Re: Fwd: Challenge: Confinement
Date: Tue, 29 Aug 2006 10:11:48 +0200
User-agent: KMail/1.9.1


sorry for the late response, but I have to do some work in parallel :-) 
Therefore I may not be able to answer all questions. But I do my best.

> In the context of personal data protection:
> What kind of use do you have in mind? 
Depends. Of course a "not so efficient" approach would be to prevent someone 
fro copying my email address but display it on the screen. You can prevent 
that someone prints the address, but not that it is written down. 
Nevertheless, it would make it harder for 'parties' to give my email to 
someone else.

Maybe more interesting applications I have in mind are:
- Agents that store private information internally and use them only 
internally as an argument of an internal function. Some kind of 
object-oriented approach..
- More pragmatic: Store a signature key inside that signs emails before 
sending it to you. You can define how often the signature can be used. Use 
the signature to identify non-spam.

> How do you enforce once-only 
> use? 
If you have a TPM (at least v1.2), it should be possible to prevent replay 
attacks. This functionality could also be used to enforce once-only use.

> Once you get the data, you can print them, or write them down. 
> What kind of use guarantees no reuse?
If (i) nobody has access to an application's internal state and (ii) the 
application decides not to print, it will not be printed. The first 
assumption is, of course, very important to enforce my personal privacy 

> If the administrator of the system cannot access the data how do you
> make backups?
The administrator may not be able to access the internal state of some 
applications. Nevertheless, it may be able to backup encrypted data. The 
challenging question is to backup information of type "replay attack 
protected". :-) We are currently thinking abou how to realize this in a
multilaterally secure way.

> I do not see how DRM can be of much help if you want to use a system
> that is controlled by a party that you do not trust. 
It is controlled in such a way that the remote party can define any security 
policy. Nevertheless, my "privacy-protecting agent" will only be executable 
if the security policy fulfills some of my requirements (e.g., not to access 
the state of my agent).

> Sure encryption 
> can do something for you. DRM can do a little but not much. And you
> still have to trust the provider DRM which I do not consider much
> wiser than trusting the party controlling the system.
What do you mean with DRM? What is the provider DRM? I am only talking about 
my provacy agent that is using TC-like technology to be able to negotiate
a policy acceptable by my and the platform owner.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]