vrs-development
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Vrs-development] Re: [DotGNU]VRS architecture docs

From: Bill Lance
Subject: Re: [Vrs-development] Re: [DotGNU]VRS architecture docs
Date: Tue, 12 Feb 2002 10:33:35 -0800 (PST) 
--- Norbert Bollow <address@hidden> wrote:
> 
> I think that that is probably the first question
> that we should
> answer, whether this is impossible or just very
> challenging.
> 
> I personally don't think that it'll be possible...
> and if this
> is correct, then we can save a lot of effort by not
> trying.  In
> particular, debugging will be so much easier if we
> can use a
> standard directory structure.  It will also be much
> easier to
> achieve good performance and reliability when all
> data is stored
> completely at every node.
> 

I think we are talking about two different things
here. One is the writing of Repository data to the
local host disk.  I don't think we have a problem
here.  There appears to be some straighforward ways of
doing this that insures the integrity and privacy of
the data.  There is overhead and potential network
lag, but that's a measurable and understood price.  

The real problem is a hostile host root user.  As Rhys
has mentioned, 'don't trust nobody to do nothing.
period.' And there is the ultimate exposure, no matter
what we write into the code, it can be undone and
recompiled.  It will be GPL code. (No, I am NOT
arguing for obsurity.  That don't work either.)

We will probably simply have to assume on untrusted
nodes coming to the party.  It certainly adds a large
design burden.  But we are here to understand what
problems we have to solve, and that appears to be one
of them.


> > Of course, talking about security is always a
> matter
> > of degree.  We can only make things more difficult
> to
> > break into, never impossible.
> 
> I think we should enumerate the conceivable attack
> scenarios
> that the system tries to protect against, and those
> for which we
> know that we don't offer protection.
> 


That's an excellant idea.  

Do we have any security types lurking that could
quickly give us an educated outline of types of issues
we need to deal with?


__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]