gistfile1.txt

----------[4.907]
~tasfyn-partyv= a private conversation makes me think of trust graphs
~tasfyn-partyv= should we obey an order we get over the network?
~tasfyn-partyv= appliances shouldn't decide this on their own
----------[4.910]
~tasfyn-partyv= they need a system service that maps sender to trust
~tasfyn-partyv= where trust level is, say, 0 == enemy, 3 == absolute
~tasfyn-partyv= also for security, we need an installation bit
~tasfyn-partyv= which is roughly: trusted or untrusted appliance
~tasfyn-partyv= when an untrusted appliance acts, its actions are
----------[4.915]
~tasfyn-partyv= considered "tainted" by both the event's cause and the
~tasfyn-partyv= appliance's author; this "taint", meaning "caused by," set
~tasfyn-partyv= is the general case of causal security
~tasfyn-partyv= only a trusted appliance can erase taint, and turn
~tasfyn-partyv= an order from another urbit into an action by self
----------[4.920]
~tasfyn-partyv= but none of this is in the codebase yet
~tasfyn-partyv= but it's not hard and involves minimal arvo/vane changes
~tasfyn-partyv= clearly it needs to be done sooner not later :-)
~ramtev-wisbyt= well, not *super* soon
~ramtev-wisbyt= untrusted linking has saved me before
----------[4.925]
~tasfyn-partyv= ha
~tasfyn-partyv= yes, there's a reason the early internets had no security
~tasfyn-partyv= but urbit is not of course complete without it
~tasfyn-partyv= and we're living dangerously by adding security
~tasfyn-partyv= to an already working system
----------[4.930]
~mossug-tasled= the honor system has its merits
~mossug-tasled= 'cept when it doesnt