Hey rick, thanks for the link! Now actually the previous link works for me too, maybe the server was just down because of the glibc issue or so ;-)
Interesting read. And this is a complete different scenario than cryptodb, as this is about web clients, not native clients. As I wrote in my other post, web client crypto is a problem. They address this by verifying the code with another server separate from the web application / database server. If I understand it correctly, with Mylar you have 2 instead of 1 server, and only 1 of those 2 servers need to be absolute secure. Though I'm not sure if this holds true, if an attacker starts to manipulate the web application code he might be able to completely replace the original application undetected, I think. Still, I don't see how building a more complex system (more code = more bugs) with 2 servers from which 1 has to be properly secured is better then building a system with less code with one server and properly secure this one server. There seems also to be a browser extension to verify the client side code, so this is more like having a native client then. But yeah, user have to install the extension, and if you don't deliver that extension physically (CD/stick per postal mail) to them, then an attacker could temper with it, so its about securing a server again. KISS. ----- Original Message ----- From: Rick Lyman [mailto:lyman.r...@gmail.com] To: picolisp@software-lab.de Sent: Thu, 18 Feb 2016 06:20:00 -0500 Subject: Re: crypto db >This link https://css.csail.mit.edu/mylar/ is not working for me https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mylar%20meteor%20pdf