On Fri, Jun 26, 2015 at 11:16 PM, Steven D'Aprano <st...@pearwood.info> wrote: > On Sat, 27 Jun 2015 02:05 pm, Devin Jeanpierre wrote: > >> On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <st...@pearwood.info> >> wrote: >>> Now you say that the application encrypts the data, except that the user >>> can turn that option off. >>> >>> Just make the AES encryption mandatory, not optional. Then the user >>> cannot upload unencrypted malicious data, and the receiver cannot read >>> the data. That's two problems solved. >> >> No, because another application could pretend to be the file-sending >> application, but send unencrypted data instead of encrypted data. > > Did you stop reading my post when you got to that? Because I went on to say:
At that point I quit in frustration, yeah. > "Actually, the more I think about this, the more I come to think that the > only way this can be secure is for both the sending client application and > the receiving client appl to both encrypt the data. The sender can't > trust the receiver not to read the files, so the sender has to encrypt; the > receiver can't trust the sender not to send malicious files, so the > receiver has to encrypt too." When you realize you've said something completely wrong, you should edit your email. -- Devin -- https://mail.python.org/mailman/listinfo/python-list