On Wed, 2006-05-31 at 20:02 -0400, Eric Northup wrote:
> On Wed, 2006-05-31 at 18:49, Bas Wijnen wrote:
> [...]
> > No, it's nonsense. The program storing the encryption keys doesn't know if
> > the storage is opaque. It doesn't care either. It's the user who cares. And
> > it's the user who chooses to use opaque storage (or not). The user can trust
> > that the program runs on opaque storage, not because the programmer guarantees
> > this (by putting a check in the program), but simply by providing opaque
> > storage to the program. (Intentional side-effect is that storage which is
> > given to some other user cannot be checked for opaqueness. This can be
> > "fixed", but I'd rather not do that if possible.)
> [...]
>
> Which Object(s) in the system represent the user and her choices?
>
> -Eric

Indeed. And while we are about it: where do you propose to store keys that are used for group signatures? The objects holding such keys must be shared, and all parties need to be able to verify the storage safety and the identity (in the sense of "what binary is executing here") of the key management object.

shap

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
