On Thu, 2006-06-01 at 10:20 +0200, Bas Wijnen wrote: > On Wed, May 31, 2006 at 08:23:53PM -0400, Jonathan S. Shapiro wrote: > > Indeed. And while we are about it: where do you propose to store keys > > that are used for group signatures? > > In some place that cannot be destroyed by any of the members of the group, but > only by the group administrators. That is, in a special user account created > specially for that group.
Ah. So you propose that the computational "right of assembly" should be present only with the consent of the system administrator? > > The objects holding such keys must be shared, and all parties need to be > > able to verify the storage safety and the identity (in the sense of "what > > binary is executing here") of the key management object. > > Yes. They can do that socially. No. The entire point of the need to verify is that you *can't* do that socially, because you are forming a collaboration in which the parties do not have absolute trust in each other. Where absolute trust exists, no verification is necessary. I will note only that absolute trust has never been observed in the wild, and people have been looking for it since (at least) the beginning of recorded history. And I don't just mean computationally. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
