Hi Vidya, Hi Bjoern,
the term "trust" is quite tricky. You may trust someone to do X but not
Y. Hence, you have to say what you believe the "client" (user, I guess)
trusts the server for.
Just think about the concept of 'secondary use'.
Ciao
Hannes
Am 30.10.13 20:40, schrieb Bjoern Hoehrmann:
* Vidya Narayanan wrote:
I may be missing something here, but your wording seems to suggest that the
user may not trust the server? If so, that is definitely not the targeted
case under discussion. The assumption here is that the client (and hence
the user) and the server trust each other, but they don't necessarily trust
all middleboxes.
You buy a smartphone. You come to suspect it may have a bug that makes
it send encrypted data over the wire it should not be sending. You con-
figure a MITM proxy and try to trigger the bug. You detect the phone
starts sending data to a server, but the server cuts the connection as
it detects the proxy.
So you cannot verify what the smartphone actually sends, you are not in
control. "Privacy" and end-to-end security require the user to be in
control, so that a server "cannot refuse to serve sensitive content over
a proxied connection" is a good thing, while you list it as a problem.
My suggestion was to include a Goal to ensure that users are in control.
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
