Hi, sorry for the late response, but I have to do some work in parallel :-) Therefore I may not be able to answer all questions. But I do my best.

> In the context of personal data protection:
> What kind of use do you have in mind?

Depends. Of course a "not so efficient" approach would be to prevent someone from copying my email address but display it on the screen. You can prevent that someone prints the address, but not that it is written down. Nevertheless, it would make it harder for 'parties' to give my email to someone else. Maybe more interesting applications I have in mind are:

- Agents that store private information internally and use them only internally as an argument of an internal function. Some kind of object-oriented approach..
- More pragmatic: Store a signature key inside that signs emails before sending it to you. You can define how often the signature can be used. Use the signature to identify non-spam.

> How do you enforce once-only
> use?

If you have a TPM (at least v1.2), it should be possible to prevent replay attacks. This functionality could also be used to enforce once-only use.

> Once you get the data, you can print them, or write them down.
> What kind of use guarantees no reuse?

If (i) nobody has access to an application's internal state and (ii) the application decides not to print, it will not be printed. The first assumption is, of course, very important to enforce my personal privacy rules.

> If the administrator of the system cannot access the data how do you
> make backups?

The administrator may not be able to access the internal state of some applications. Nevertheless, it may be able to back up encrypted data. The challenging question is to back up information of type "replay attack protected". :-) We are currently thinking about how to realize this in a multilaterally secure way.

> I do not see how DRM can be of much help if you want to use a system
> that is controlled by a party that you do not trust.

It is controlled in such a way that the remote party can define any security policy. Nevertheless, my "privacy-protecting agent" will only be executable if the security policy fulfills some of my requirements (e.g., not to access the state of my agent).

> Sure encryption
> can do something for you. DRM can do a little but not much. And you
> still have to trust the provider DRM which I do not consider much
> wiser than trusting the party controlling the system.

What do you mean with DRM? What is the provider DRM? I am only talking about my privacy agent that is using TC-like technology to be able to negotiate a policy acceptable by me and the platform owner.

Regards,
Chris

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
