[liberationtech] [Freedombox-discuss] FBX Server/Client Communication Model and Threat Modeling

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 16 09:38:04 PST 2013


On 02/15/2013 10:25 PM, Nick M. Daly wrote:
>    For example, is it acceptable if the client's secret key be exposed
>    when the box is rooted by attackers?  (Probably not, but that does
>    let the host act as a trust proxy without relying on subkeys, or
>    other weird yet conceptually interesting trust models).

what's wrong with using subkeys or explicitly designating a trust proxy?
it seems like the tradeoff (of having a rootable machine hold your
basic secret key identity material) is clear enough to make the use of
explicitly revokable proxies worth doing.

	--dkg


