Daniel Carrera spake unto us the following wisdom: >> All security has to go in the *recipient*, because the >> sender could be completely malicious. > > Of course. Every check I have suggested has been server-side > (recipient). The client (sender) is completely malicious.
The server isn't (necessarily) a trusted entity. When you grok that,
perhaps your positions will change. :-)
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
signature.asc
Description: Digital signature
_______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
