On Wed, May 31, 2006 at 06:28:06PM -0400, Jonathan S. Shapiro wrote: > On Wed, 2006-05-31 at 15:33 -0600, Christopher Nelson wrote: > > [Bas wrote] > > > ...because there is no no way that it can check if the storage > > > it received is indeed opaque. > > > > What's the point of providing opaque storage to store encryption keys, > > if you cannot verify (or provide some guarantee) that it is, in fact > > opaque? You might as well not have it, because it provides you no > > conceptual security. It's not trustable. > > This is entirely correct.
No, it's nonsense. The program storing the encryption keys doesn't know if the storage is opaque. It doesn't care either. It's the user who cares. And it's the user who chooses to use opaque storage (or not). The user can trust that the program runs on opaque storage, not because the programmer guarantees this (by putting a check in the program), but simply by providing opaque storage to the program. (Intentional side-effect is that storage which is given to some other user cannot be checked for opaqueness. This can be "fixed", but I'd rather not do that if possible.) There may be some meta-data suggesting that this program should be run on opaque storage. However, it's still the user's choice if opaque storage is indeed used. And if not, the program should mind its own business and just work as if it is running on opaque storage. Otherwise debugging will be a lot harder (because you won't actually be debugging the program that's used in production). Thanks, Bas -- I encourage people to send encrypted e-mail (see http://www.gnupg.org). If you have problems reading my e-mail, use a better reader. Please send the central message of e-mails as plain text in the message body, not as HTML and definitely not as MS Word. Please do not use the MS Word format for attachments either. For more information, see http://129.125.47.90/e-mail.html
signature.asc
Description: Digital signature
_______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
