I see 3 meaningful possibilities:<br><br>1. P_IDENT activities can sign/unencrypt anything with user's private key, with no user knowledge. Thus a signature means only that communication comes from a given laptop, and has no implication about the awareness or assent of the user of that laptop.<br>
<br>2. P_IDENT only lets activities use signatures/unencryption within strictly limited communications protocols OR with some explicit, trusted-UI agreement from the user. The communications protocols are designed such that each encrypted/signed block is identifiable and validated as part of that protocol (i.e., header in every block, or only the temporary private key is encrypted against the real private key and the OS refuses to unencrypt temporary private keys unless they are marked as part of that protocol). Thus a signature on, or the ability to unencrypt, data that is not marked as part of that protocol implies user assent. <br>
<br>3. There is one private key used for communications security, and another one used for user identity verification.<br><br>Are my possibilities comprehensive? If so, which one are we aiming for?<br><br>Jameson<br><br><div class="gmail_quote">
On Wed, Mar 26, 2008 at 11:40 AM, Michael Stone &lt;<a href="mailto:michael@laptop.org">michael@laptop.org</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Folks,<br>
<br>
Pursuant to recent discussions about P_IDENT, I've begun drafting<br>
principles and use cases in order to discover some of the communications<br>
security needs of XO-users.<br>
<br>
My thoughts to date (with substantial input from both Daf and<br>
Polychronis) are recorded, haphazardly, at<br>
<br>
<a href="http://wiki.laptop.org/go/Communications_security" target="_blank">http://wiki.laptop.org/go/Communications_security</a><br>
<br>
Finally, I will be meeting briefly with Jonathan Herzog tomorrow morning<br>
in order to review this material. If you have the opportunity, please<br>
examine my thoughts, let me know what you consider to be the most<br>
pressing concerns either by replying to this email or on the wiki page.<br>
I'll do what I can to dig up convincing answers. :)<br>
<br>
Michael<br>
<br>
_______________________________________________<br>
Sugar mailing list<br>
<a href="mailto:Sugar@lists.laptop.org">Sugar@lists.laptop.org</a><br>
<a href="http://lists.laptop.org/listinfo/sugar" target="_blank">http://lists.laptop.org/listinfo/sugar</a><br>
</blockquote></div><br>
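Possibility 2 from the message above, sketched as an added example that is not part of the original thread or of any OLPC code: a signing broker that tags every protocol signature and releases untagged-as-protocol signatures only after user confirmation. Assumptions: HMAC-SHA256 stands in for the private-key operation, and the key, tags, protocol names and the user_confirmed flag (a stand-in for a trusted-UI prompt) are hypothetical.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the private-key signature so this runs
# on the standard library alone; the tagging and gating logic is the point.
USER_KEY = b"constructed-demo-key"                   # constructed sample key
PROTO_TAG, ASSENT_TAG = b"\x01PROTO", b"\x02ASSENT"  # hypothetical domain tags
ALLOWED_PROTOCOLS = {b"presence-v1", b"chat-v1"}     # hypothetical protocol names


def frame(tag: bytes, label: bytes, payload: bytes) -> bytes:
    # Length-prefix the label so the label/payload boundary is unambiguous.
    return tag + len(label).to_bytes(2, "big") + label + payload


def raw_sign(blob: bytes) -> bytes:
    # Never exposed to activities: they only reach the two wrappers below.
    return hmac.new(USER_KEY, blob, hashlib.sha256).digest()


def sign_for_protocol(protocol: bytes, payload: bytes) -> bytes:
    """No prompt, but only for known protocols and always under PROTO_TAG."""
    if protocol not in ALLOWED_PROTOCOLS:
        raise PermissionError("unknown protocol: refusing to sign")
    return raw_sign(frame(PROTO_TAG, protocol, payload))


def sign_with_assent(payload: bytes, user_confirmed: bool) -> bytes:
    """user_confirmed is a stand-in for the result of a trusted-UI prompt."""
    if not user_confirmed:
        raise PermissionError("user did not confirm: refusing to sign")
    return raw_sign(frame(ASSENT_TAG, b"", payload))


def classify(payload: bytes, sig: bytes, protocol: bytes = b"") -> str:
    """Verifier side: what does a valid signature on payload actually imply?"""
    if hmac.compare_digest(sig, raw_sign(frame(ASSENT_TAG, b"", payload))):
        return "user-assent"
    if hmac.compare_digest(sig, raw_sign(frame(PROTO_TAG, protocol, payload))):
        return "protocol-only"
    return "invalid"
```

Because the two tags differ in their first byte, no payload an activity chooses can make a protocol signature verify as an assent signature.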