On 12/11/10 5:59 AM, wren ng thornton wrote:
On 12/9/10 4:04 PM, Richard O'Keefe wrote:
As long as the material from Y replicated at X is *supposed* to be
publicly available, I don't see a security problem here. Only Y accepts
updates from outside, and it continues to do whatever authentication it
would do without a mirror. The mirror X would *not* accept updates.
The security issue is how does a client, C, know to trust X (maybe X is
evil) or know to trust the transmission of data from Y to X (maybe a man
in the middle corrupted things and X has become a confused deputy), etc.
P.S., X can't really be a "confused deputy" here since X has no special
privileges[1], rather X would become more of a confused librarian:
y'know, the kindly old but somewhat senile librarian who occasionally
mistakes your requests (like that time they gave you Cujo when you asked
for a book on the care and feeding of pets, or the time they gave you
some writings by the Marquis de Sade when you were doing research for
your anatomy class).
[1] The implicit trust C has for X usually isn't counted as a
"privilege" in the security world.
--
Live well,
~wren
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
