[e-lang] A broken brand?

David Wagner daw at cs.berkeley.edu
Thu Mar 13 15:04:26 EDT 2008


Toby Murray writes:
>In the attack, the unsealer is being passed an object that has the
>authority to cause the box to divulge its contents. Hence, one might
>argue that the unsealer is being passed an object that is analogous to a
>proxy for the box and, hence, the attack might be viewed as valid
>behaviour in some cases.

I'd say: This is an accurate description of the actual behavior of this
sealer/unsealer implementation, but it's not the desired or intended or
specified behavior for a sealer/unsealer.  If Viktor is relying upon
this Brand to behave like a brand ought to, then his security goals
can be violated.


More information about the e-lang mailing list