[RSSAC Caucus] [Ext] Local Perspective Work Party - data publication
Warren Kumari
warren at kumari.net
Thu Jul 8 18:58:24 UTC 2021
On Wed, Jul 7, 2021 at 10:26 AM Andrew McConachie
<andrew.mcconachie at icann.org> wrote:
>
>
>
> On 7 Jul 2021, at 15:57, Warren Kumari <warren at kumari.net> wrote:
>
>
>
> And adding hashes isn't going to help if #2 fails because the tool doesn’t have write access to disk.
>
> You can avoid all this mess by simply never writing anything to the local disk.
>
>
> Nah; if you don't trust your users to not mess with the results of the
> measurement tool, writing to the disk or not is not going to change
> your trust/threat model….
>
>
>
> It’s less about security than it is about avoiding breakage. I’m not even really thinking in terms of security, I mainly don’t want the tool to fail in the middle of execution because it can’t write to disk or because an intrepid user tried to modify their results and mucked up the file.
>
> A user could forge their own results without even using the tool and push them repeatedly. Which is another reason why a hash offers no real benefit.
Yup.
W
>
> —Andrew
--
The computing scientist’s main challenge is not to get confused by the
complexities of his own making.
-- E. W. Dijkstra
More information about the rssac-caucus
mailing list