RE: [Aglets-users] Aglets.net? (http://www.aglets.org/agletsnet/)

[Douglas K. <do...@ti...>]

> The fact that an IP address resolves to a domain name does not mean much
> given the current state of security in DNS and corporate networks. Is the
> chance of _DNS_ getting it wrong within acceptable risk parameters?

Should be.  Distribution of the aglets is just one piece of the
project.  Basically, the goal is "bar-raising", and between
distributing the aglets around and some of the other techniques we are
planning on using, it should become much harder to subvert a protected
aglet.  I will not make any claims about impossible...

I'd give a URL
(http://www.pgp.com/research/nailabs/secure-execution/self-protecting.asp)
to documentation on the project, but it doesn't seem to be on our
public web server.

> into question if the query bounces through 3 or 4 different systems. What if
> one of your untrusted organizations hijacks one of the monitor systems and
> feeds in incorrect data or ignores filters? We can only assume (maybe) that

As I see things currently, my aglet will get incorrect or unfiltered
data.  For the purposes of this project, we have explicitely placed
"platform lied to us" out of the bounds of issues we are concerned
with.

> the communication between your application and the local monitor is safe.

I don't know that I'd assume that that communication is safe, but I
also don't think that its something we will address.

Our distributed aglets will (in theory) communicate with each other
frequently/securely enough that any tampering with the communication
streams  will alert "outside" aglets that the compromised aglets is
not to be trusted.. If we actually get anywhere, then trying to see if
any of this is applicabel to the monitor might be interresting.

> and of itself. Does this make sense or not?

Lots.

> Code on its way ASAP.

Received your email yesterday.  Will start playing with soon.

Thanks,
Doug
-- 
do...@ti...
dki...@na...