[Freedombox-discuss] FBX Server/Client Communication Model and Threat Modeling
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Feb 16 17:38:04 UTC 2013
On 02/15/2013 10:25 PM, Nick M. Daly wrote:
> For example, is it acceptable if the client's secret key be exposed
> when the box is rooted by attackers? (Probably not, but that does
> let the host act as a trust proxy without relying on subkeys, or
> other weird yet conceptually interesting trust models).

what's wrong with using subkeys or explicitly designating a trust proxy?
it seems like the tradeoff (of having a rootable machine hold your
basic secret key identity material) is clear enough to make the use of
explicitly revocable proxies worth doing.

--dkg