Technology Stocks : Novell (NOVL) dirt cheap, good buy?


To: Paul Fiondella who wrote (28468) 10/6/1999 9:55:00 AM
From: Scott C. Lemon
 
Hello Paul,

I would love to see the architectural documents on this, but I'm afraid that you might not be right ...

> The operator of the digitalme identity vault server site cannot get
> access to user information. That information is protected behind
> encryption technology.

I have been playing with the site a little bit and the type of security which you describe is very difficult to have. This is the discussion that I was having with Bearded One a couple of weeks ago.

1. I can see my information in a browser. The information is *not* being decrypted in *my* browser. This means that it is being sent to me *unencrypted* (but through an SSL pipe) so the data *has to* be able to be decrypted at the server side. If it is decrypted at the server side, then the owner of the box *has* the ability to decrypt the data.

2. I can share my information with other people. If I share data with you, you can see it - decrypted! This means that you are somehow accessing my information, and you are viewing it decrypted on your end. I didn't give you keys, and it was passed to you in your browser (over an SSL pipe) so it was decrypted on the server. That means that the owner of the box has the ability to decrypt at the server.

I'm sorry, but I think that folks are trying to focus on the wrong attributes of the product. This type of security just isn't simple to implement ... or feasible.

> Unlike web sites that information is not stored in an accessible
> database. Therefore there is no way for someone to get at your
> information unless you reveal it to them.

The only true way to provide this level of security is to encrypt on your end, at your PC, and then ship the encrypted blob to the server for storage. But then you break down the model of information sharing.

It's almost like sending a whole bunch of personal things to a storage shed company, for them to box up and store. I guess they can tell you their eyes were closed while packing it up ... but ...

Scott C. Lemon
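
The two designs contrasted in the post above, modeled in Node.js as an added example that is not part of the original post and is not digitalme code. The class names, the sample record, the passphrase-derived key and the choice of AES-256-GCM are all assumptions made for illustration.

```javascript
// Added illustration, not digitalme code; every name below is hypothetical.
const nodeCrypto = require('crypto');

// AES-256-GCM helpers. Blob layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, text) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  try {
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null; // wrong key or tampered blob: authentication fails
  }
}

// Design A: the server renders the page, so the decryption key lives on the server.
class ServerDecryptVault {
  constructor() { this.key = nodeCrypto.randomBytes(32); this.rows = new Map(); }
  put(user, text) { this.rows.set(user, seal(this.key, text)); }
  renderPage(user) { return open(this.key, this.rows.get(user)); } // plaintext into TLS
  operatorRead(user) { return this.renderPage(user); } // nothing stops the box owner
}

// Design B: the client encrypts first; the server stores an opaque blob, holds no key.
class BlobVault {
  constructor() { this.rows = new Map(); }
  put(user, blob) { this.rows.set(user, blob); }
  get(user) { return this.rows.get(user); }
}

function demo() {
  const record = 'name=Scott; phone=555-0100'; // constructed sample data
  const a = new ServerDecryptVault();
  a.put('scott', record);
  const clientKey = nodeCrypto.scryptSync('constructed passphrase', 'constructed-salt', 32);
  const b = new BlobVault();
  b.put('scott', seal(clientKey, record));
  const blob = b.get('scott');
  return {
    operatorReadsA: a.operatorRead('scott'),                 // full record
    operatorSeesB: blob.includes(record),                    // false: ciphertext only
    ownerReadsB: open(clientKey, blob),                      // full record
    shareWithoutKey: open(nodeCrypto.randomBytes(32), blob), // null: viewer needs the key
  };
}
```

In design B a second viewer gets nothing usable unless the owner hands over the key, which is the sharing breakdown the post describes.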