|
From: | Daniel Carrera |
Subject: | Re: [Monotone-devel] Monotone Security |
Date: | Thu, 16 Oct 2008 20:59:57 +0200 |
User-agent: | Thunderbird 2.0.0.17 (Macintosh/20080914) |
Ethan Blanton wrote:
Of course. Every check I have suggested has been server-side (recipient). The client (sender) is completely malicious.All security has to go in the *recipient*, because thesender could be completely malicious.The server isn't (necessarily) a trusted entity. When you grok that, perhaps your positions will change. :-)
Well... there is some context here. We are talking about a specific attack. There are other attacks where the server is the bad guy (e.g. a malicious attacker with root access). The page I wrote also includes threats where the server is the bad guy.
Daniel.
[Prev in Thread] | Current Thread | [Next in Thread] |