[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opaque storage

From: Marcus Brinkmann
Subject: Re: Opaque storage
Date: Mon, 08 Jan 2007 18:24:56 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Mon, 08 Jan 2007 12:02:57 -0500,
"Jonathan S. Shapiro" <address@hidden> wrote:
> I propose that we change the subject line on this discussion.
> Can somebody remind me how, in a system providing only translucent
> storage allocation, one can safely manage the private portion of a
> cryptographic key?
> I do remember that we discussed this. I do not remember what the
> proposed resolution was.

It depends on what you mean.  If the example is that the user has a
key which he wants to hide from the applications, then he puts the key
into its own application, and provides only access via service
invocation, not process instantiation.

The other way around, ie applications hiding the key from the user, is
not possible of course.

In general theapproach is to replace process instantiation with
service invocation.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]