gpg: Signature made Tue Mar 4 17:38:37 2008 UTC using DSA key ID E43DA450
gpg: Good signature from "Matthew John Toseland <toad@amphibian.dyndns.org>"
On Tuesday 04 March 2008 17:31, Julien Cornuwel wrote:
> Matthew Toseland a écrit :
> > On Monday 03 March 2008 17:20, Julien Cornuwel wrote:
> >> Matthew Toseland a écrit :
> >>> On Sunday 02 March 2008 21:40, Julien Cornuwel wrote:
> >>>> The client decides what to fetch with the informations given by the WoT
> >>>> plugin. It then asks it to the FMS plugin and it works as Martin
> >>>> described in another post.
> >>>>
> >>>> The only issue I see here is that we would have to create 2 SSKs per
> >>>> user : one for the WoT, one for FMS stuff (messages...).
> >>> No, each user must have entirely separate publications. Otherwise an
> > attacker
> >>> can identify that two users share the same plugin / the same node.
> >> I don't understand your point. Of course each identity should have its
> >> own SSK for publications. What's the problem if the same plugin fetches
> >> messages for all its clients ?
> >
> > "we would have to create 2 SSKs per user : one for the WoT, one for FMS
stuff"
> >
> > I misunderstood this. But it's unnecessary anyway, you can use the same
SSK
> > and change the document name.
>
> I must have misunderstood something with how SSK works. Do you mean it's
> possible for the plugin to insert a new edition without knowledge of
> other files in it (FMS files) ? If so, can you explain how ? I'm
> interrested.
I mean you could use the same SSK pubkey. But maybe you could share more than
that, we really need to minimise polling here..
