[liberationtech] [Freedombox-discuss] FBX Server/Client Communication Model and Threat Modeling
Nick M. Daly
nick.m.daly at gmail.com
Sat Feb 16 13:48:37 PST 2013

Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> On 02/15/2013 10:25 PM, Nick M. Daly wrote:
>> For example, is it acceptable if the client's secret key be exposed
>> when the box is rooted by attackers? (Probably not, but that does
>> let the host act as a trust proxy without relying on subkeys, or
>> other weird yet conceptually interesting trust models).
>
> what's wrong with using subkeys or explicitly designating a trust proxy?

Nothing! I was just more trying to throw out ideas to get folks to list
and explain concepts in detail. For example, in hopes of getting folks
who understand what a "trust proxy" is to explain it to (or at least
link to resources accessible by) everybody else.

> it seems like the tradeoff (of having a rootable machine hold your
> basic secret key identity material) is clear enough to make the use of
> explicitly revokable proxies worth doing.

Agreed, but I feel that there are other trust models in that area that
are worth discovering or explicitly listing, if not embracing. They
might be helpful for other folks in other situations with different
limitations, and I'd appreciate your thoughts on the matter.

Nick