Dan Williams wrote:
We discussed some of this with Simson on Friday. The activity bundles
will at least be signed by the originator to determine identity, and
communication in the system will be encrypted to deter
man-in-the-middle. So you'll at least be able to ensure that, if you're
passed an activity, nobody modified it in-transit, and that somebody
signed an activity bundle. Now, whether or not you trust that person is
a different story, and how/if you ask the child what they want to do
with it.
Ideally that integrates into the KCM such that if your friend Kristin
signed the activity bundle with a private key, and you have Kristin's
public key stored because you have a trust relationship with her, it's
all magic.
Is the idea to allow someone to run code produced by a trusted peer? If
the peer's computer is compromised, would it be possible for a virus to
get access to their private key and send a signed and malicious package
to another user?
--
Ian Bicking | [EMAIL PROTECTED] | http://blog.ianbicking.org
_______________________________________________
Sugar mailing list
[email protected]
http://mailman.laptop.org/mailman/listinfo/sugar
