Hi Tad, On Sep 7, 3:35 pm, Tad Glines <[email protected]> wrote: > While it's true that client signatures are not quite as critical as > they are in e-mail, there is still the possibility for an account > being compromised. But, since your private key is not hosted with your > account, but on your local computer (or in a smart card), a signature > would be an additional level of authentication and non-repudiation > that cannot be provided by the server alone. In personal communication > (to friends or family) this is not needed, but in business, this will > in many cases be required (as well as in Govt, or DoD settings). > > Wave will not be able to replace e-mail until is supports client > signature and content encryption.
Specifically, if you are running the server on the same machine or the same network as the client, the certificate used can be controlled -- possibly by the client. That at least provides non-repudiation. Encryption delivers opaque data anyway, so using a "not plain text" data type makes sense. Operational Transforms would only apply to the whole chunk anyway. David --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
