On Tue, Sep 06, 2016 at 02:49:31PM -1000, Brent W. Baccala wrote:
> On Tue, Sep 6, 2016 at 2:05 AM, Richard Braun <rbr...@sceen.net> wrote:
> > The solution, whatever it is, should focus only on determining whether
> > a server can be trusted or not. This should affect everything (servers,
> > (active) translators and translator records).
> Yes, we need to clearly determine when a server is trusted.
Actually, a generic notion of a server being "trusted" is a much more
complex problem. We discussed several options with Carl in the context
of his work on "object migration", which required determining when it's
safe to execute server code with the authority of the client. IIRC we
didn't come up with a conclusive approach...
However, trusting lookups is a way more specific problem, which we
believe we have a pretty good idea of how it can be addressed.