l4-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Challenge: Find potential use cases for non-trivial confinement

From: Pierre THIERRY
Subject: Re: Challenge: Find potential use cases for non-trivial confinement
Date: Mon, 1 May 2006 17:00:26 +0200
User-agent: Mutt/1.5.11+cvs20060403 
Scribit Bas Wijnen dies 01/05/2006 hora 14:29:
> > As a very short part of the algorithm is to be kept secret by the
> > company who created it,
> In that case they must not give it away at all.
> 
> Giving away code in a form that can run but not be studied is
> something that the Hurd doesn't need support for IMO.

I have never considered, in any case, giving away code in any form in my
use case.

> The good thing about non-technical solutions is that they leave room
> for humans to decide if things are "right".

Why the hell then should we worry about security among users of the same
system? Let's them choose socialy what they have access to, instead of
enforcing those access policies with technical solutions!

There *are* legitimate cases where you want a technical solution to
enforce some security policy.

Please don't use arguments you wouldn't apply to another case.

> > the company would like that the program could be executed without
> > being disclosed, while giving guarantee to the user that the
> > processed data would not leak from their session.
> In that case they must make sure they run it on their own computer,
> without a network connection

That doesn't make possible for a logged in user to use the software
without being able to inspect it.

> Summary: I think this is a case of "we don't want to support this".

Why?

Quickly,
Nowhere man
-- 
address@hidden
OpenPGP 0xD9D50D8A

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]