RE: [Aglets-users] Aglets.net? (http://www.aglets.org/agletsnet/)
Status: Beta
Brought to you by:
cat4hire
From: Douglas K. <do...@ti...> - 2001-02-22 20:40:41
|
> The fact that an IP address resolves to a domain name does not mean much > given the current state of security in DNS and corporate networks. Is the > chance of _DNS_ getting it wrong within acceptable risk parameters? Should be. Distribution of the aglets is just one piece of the project. Basically, the goal is "bar-raising", and between distributing the aglets around and some of the other techniques we are planning on using, it should become much harder to subvert a protected aglet. I will not make any claims about impossible... I'd give a URL (http://www.pgp.com/research/nailabs/secure-execution/self-protecting.asp) to documentation on the project, but it doesn't seem to be on our public web server. > into question if the query bounces through 3 or 4 different systems. What if > one of your untrusted organizations hijacks one of the monitor systems and > feeds in incorrect data or ignores filters? We can only assume (maybe) that As I see things currently, my aglet will get incorrect or unfiltered data. For the purposes of this project, we have explicitely placed "platform lied to us" out of the bounds of issues we are concerned with. > the communication between your application and the local monitor is safe. I don't know that I'd assume that that communication is safe, but I also don't think that its something we will address. Our distributed aglets will (in theory) communicate with each other frequently/securely enough that any tampering with the communication streams will alert "outside" aglets that the compromised aglets is not to be trusted.. If we actually get anywhere, then trying to see if any of this is applicabel to the monitor might be interresting. > and of itself. Does this make sense or not? Lots. > Code on its way ASAP. Received your email yesterday. Will start playing with soon. Thanks, Doug -- do...@ti... dki...@na... |