Re: How to add confinement to the Hurd?

[Bas Wijnen]

On Mon, May 01, 2006 at 06:05:54PM +0200, Pierre THIERRY wrote:
> Scribit Bas Wijnen dies 01/05/2006 hora 15:30:
> > > > Well, without a TC chip in the system the system-implemented
> > > > confinement check relies on the good will of the machine owner.
> > > Which is way more than needed in some use cases of confinement.
> > In the absence of a trusted machine owner and a TC chip, there's only
> > one reasonable thing to do, and that's not using the machine.
> 
> You're again making a wrong all or nothing assumption. In the faculty
> use case, there is no real danger for the teacher to fully trust the
> system administrator of the faculty.

In the faculty case, there's a social reason to trust the machine owner (and
his delegate, the administrator): There are rules for what they are allowed to
do, and if they break them they get in trouble.

Trust isn't always a matter of personal feelings. :-)  Also, as you say, it is
not an all-or-nothing thing.  You can usually trust the administrator enough
to get some work done.  But that doesn't mean you want to put your private
keys on the machine.  But without any trust at all, you shouldn't use the
machine.

> Of course, then a student could bribe that admin with pizzas and beer,
> but I was not considering using the computer to address this specific
> risk.

That too, but due to the contracts involved, the student would need to bring a
lot of pizza, I suppose. :-)

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html

signature.asc
Description: Digital signature