Hey rick, thanks for the link!
Now actually the previous link works for me too, maybe the server was just down
because of the glibc issue or so ;-)
And this is a complete different scenario than cryptodb, as this is about web
clients, not native clients.
As I wrote in my other post, web client crypto is a problem. They address this
by verifying the code with another server separate from the web application /
If I understand it correctly, with Mylar you have 2 instead of 1 server, and
only 1 of those 2 servers need to be absolute secure.
Though I'm not sure if this holds true, if an attacker starts to manipulate the
web application code he might be able to completely replace the original
application undetected, I think.
Still, I don't see how building a more complex system (more code = more bugs)
with 2 servers from which 1 has to be properly secured is better then building
a system with less code with one server and properly secure this one server.
There seems also to be a browser extension to verify the client side code, so
this is more like having a native client then.
But yeah, user have to install the extension, and if you don't deliver that
extension physically (CD/stick per postal mail) to them, then an attacker could
temper with it, so its about securing a server again.
----- Original Message -----
From: Rick Lyman [mailto:lyman.r...@gmail.com]
Sent: Thu, 18 Feb 2016 06:20:00 -0500
Subject: Re: crypto db
>This link https://css.csail.mit.edu/mylar/ is not working for me