I need to sit down and work through some scenarios, but
I suspect that this scheme is still susceptable to
integrity and authentification attacks (either
malicious end-points or malicious intercepting hosts
between two CJAN end-points).
This removes a major problem for CJAN administrators being
expected to protect security. [ Legal ramifications of
setting oneself up as a moderator/inpector ... ]
- JonT
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2002-04-08
priority: 5 --> 3
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Logged In: NO
Require material (code/document/jar/...) signing.
This removes a major problem for CJAN administrators being
expected to protect security. [ Legal ramifications of
setting oneself up as a moderator/inpector ... ]
- JonT