Thoughts on droplets
Tue, 2 Nov 1999 15:00:41 -0800 (PST)
>> That was the obvious answer. But how do you protect the private key from
>That's what the tamper-proof hardware is for. I'm missing something.
Maybe I'm now stating the obvious but it sounds like there are two
distinct problems with not-completely-overlapping solutions:
1. Given a set of trusted hardware controlled by trusted people, how
can you link that hardware up over insecure networks to create a trusted
distributed virtual machine?
2. Given a set of (initially) untrusted hardware controlled by (initially)
untrusted people, how can you link *your* trusted (by you) hardware up to
that untrusted hardware such that you can successfully and selectively
build trust and communicate securely.
Jonathan seems to be talking about problem #1, but I think Droplets and E
are more about solving problem #2. Both problems are interesting and worth
solving. In particular, having a solution for #1 doesn't obviate the need
for solving #2 since it's impractical (in today's world) to believe that
everyone you wish to communicate with is trustworthy and is furthermore
running all their software on a trusted-hardware base that is
Now I have to ask, am *I* missing something?