Ethan Blanton wrote:
All security has to go in the *recipient*, because the
sender could be completely malicious.
Of course. Every check I have suggested has been server-side
(recipient). The client (sender) is completely malicious.
The server isn't (necessarily) a trusted entity. When you grok that,
perhaps your positions will change. :-)
Well... there is some context here. We are talking about a specific
attack. There are other attacks where the server is the bad guy (e.g. a
malicious attacker with root access). The page I wrote also includes
threats where the server is the bad guy.
Daniel.
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel