On Thu, Sep 03, 2009 at 06:22:38PM -0700, Tad Glines wrote:
> As far as I can tell, all wavelet updates
> (ProtocolAppliedWaveletDelta) are signed by the federation host and
> not by the federation remote or the actual client.
> And, since the delta may be transformed prior to application, any
> client signature of the original delta would not be valid if included
> in the wavelet update.
> 
> This means that participants have no way of verifying that the
> federation host applied other participants' deltas properly.
> If the federation host maintained both the original and transformed
> deltas, and made them available via history then remote hosts (and
> their clients) could verify the host's transformations.
> If the original deltas included both the host/remote signature and
> possibly a client signature, then complete verification is possible.
> 
> Have I misunderstood how OT works? Are there plans to extend
> verification beyond the federation host?

I still don't understand what verification is, as currently implemented,
possibly because I haven't tried yet to read up on it (I assume there
is a white paper or something?).

However I can point out that a number of people on the sandbox have been
requesting the ability to sign/encrypt content so the recipients
can verify the validity of the data.

To counter this, it has been pointed out that wave server to server
communications could occur over SSL (I suspect this isn't the case yet though).
This hasn't helped with the concern that the system administrators may not
be trustworthy.
-- 
Brian May <[email protected]>
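
An added illustration of the scheme proposed in the quoted message (not part of the thread and not Wave's code): a client signature over the original delta fails against the transformed delta, but a remote that holds the original, its signature and the concurrently applied deltas can recompute the transformation and compare. The toy RSA key, the simplified insert-only `transform`, the `audit` helper and the sample deltas are all assumptions made for this example.

```python
import hashlib
import json

# Toy textbook-RSA client key, constructed for this example only.
# NOT secure (small modulus, no padding); it stands in for a real signature scheme.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(delta):
    blob = json.dumps(delta, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def sign(delta):
    return pow(digest(delta), D, N)

def verify(delta, sig):
    return pow(sig, E, N) == digest(delta)

def transform(delta, applied):
    # Simplified insert-vs-insert OT (assumption, not Wave's algorithm):
    # shift right when an already-applied insert landed at or before our position.
    out = dict(delta)
    if applied["pos"] <= delta["pos"]:
        out["pos"] += len(applied["text"])
    return out

def audit(original, client_sig, concurrent, published):
    # Remote-side check: the client signed `original`, and the host's published
    # delta equals `original` transformed over the deltas applied before it.
    if not verify(original, client_sig):
        return "bad client signature"
    expected = original
    for d in concurrent:
        expected = transform(expected, d)
    return "ok" if expected == published else "host transformation mismatch"

# Constructed sample data.
original = {"author": "alice@a.example", "pos": 5, "text": "world"}
client_sig = sign(original)
concurrent = [{"author": "bob@b.example", "pos": 0, "text": "Hi "}]
honest = transform(original, concurrent[0])   # position shifted past the earlier insert
tampered = dict(honest, text="w0rld")         # host altered the content

if __name__ == "__main__":
    print(verify(honest, client_sig))         # signature checked against the transformed delta
    print(audit(original, client_sig, concurrent, honest))
    print(audit(original, client_sig, concurrent, tampered))
```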
