Re: Some thoughts
Mon, 5 Jun 2006 18:41:41 +0200
On Mon, Jun 05, 2006 at 03:16:49AM +0200, Jean-Christophe Haessig wrote:
> I've been lurking on the list for a while and I'd like to post
> this note to share my point of view. You may find it pedestrian,
> but many posts have become very philosophical and fundamental-
> elaborate-logic oriented. Sometimes it is even hard to follow,
> so please bear in mind that I may not be sufficiently "educated"
> to participate in that discussion.
Even if that would be the case, I'd be glad that you participated anyway. :-)
However, you seem to be sufficiently "educated" at least about the topics
> On TC.
I fully agree with your statement.
> On protection against the machine owner.
> My assumption is that there is really no way to protect against
> the machine owner.
In the absence of TC, this is correct. We have ruled out TC, so that's ok,
but it is relevant here: protection against the machine owner is exactly what
TC is designed for. In fact, considering hardware attacks such as spontaneous
DMA from a device it can still be broken. But it will be a lot harder. (Of
course once you send your information to that cracked machine, it can be
copied and should be considered public.)
> Then protecting against the installer's or administrator's
> incompetence or malice is really useless, because you never
> know what the owner, against which it is impossible to protect,
> is doing.
I disagree with this. You must trust the owner indeed, but in the usual case,
the owner will want to protect his users even against himself, and certainly
against the administrators. This must (and can) be possible. However, it's
good to remember that this only works because the machine owner wants it.
> In fact, users should not be protected against the
> administrator, or any user that has received some authority by
> the owner.
If the machine owner chooses to allow the administrator to spy on the users,
he can. However, it's very good if he can also choose not to allow this.
> However, an interesting goal is to enable them to do most of the things they
> want to do without the explicit consent of any administrator (and this is no
> kind of protection).
Yes. This is the property that really makes it the Hurd, IMO.
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://220.127.116.11/e-mail.html