[RSSAC Caucus] [Ext] Local Perspective Work Party - data publication
Andrew McConachie
andrew.mcconachie at icann.org
Wed Jul 7 14:26:20 UTC 2021
> On 7 Jul 2021, at 15:57, Warren Kumari <warren at kumari.net> wrote:
>
>>
>>
>> And adding hashes isn't going to help if #2 fails because the tool doesn’t have write access to disk.
>>
>> You can avoid all this mess by simply never writing anything to the local disk.
>
> Nah; if you don't trust your users to not mess with the results of the
> measurement tool, writing to the disk or not is not going to change
> your trust/threat model….
>
>
It’s less about security than it is about avoiding breakage. I’m not even really thinking in terms of security, I mainly don’t want the tool to fail in the middle of execution because it can’t write to disk or because an intrepid user tried to modify their results and mucked up the file.
A user could forge their own results without even using the tool and push them repeatedly. Which is another reason why a hash offers no real benefit.
—Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/rssac-caucus/attachments/20210707/832a0db2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2604 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/rssac-caucus/attachments/20210707/832a0db2/smime-0001.p7s>
More information about the rssac-caucus
mailing list