[148945] in cryptography@c2.net mail archive
Re: [Cryptography] defaults, black boxes, APIs,
daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon Jan 6 01:24:47 2014
X-Original-To: cryptography@metzdowd.com
Date: Sun, 5 Jan 2014 22:03:28 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <alpine.BSO.2.03.1401051146460.10939@astro.indiana.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 1/5/14 at 12:25 PM, jthorn@astro.indiana.edu (Jonathan
Thornburg) wrote:
>But this raises some genuine questions:
>* Is there a secure web browser? My trust level in any of the biggies
>(Microsoft, Apple, Google, Mozilla) is low...
>* I've just booked a hotel room in <distant city>; the hotel sent me a
>.docx file which claims to be a confirmation. Is there an "office suite"
>in which it's safe for me to look at that .docx file?
>* Same question, but for pdf files?
>* For bonus points, can that pdf-viewer edit fillable pdf forms? I have
>seen claims that evince or mupdf can do this... but neither seems to
>handle either US or Canadian tax forms. :(
There is a path to make running the current versions of these
programs safe.
As a thought experiment: Get a piece of hardware. Install an OS
from R/O media -- e.g. DVD. Read your .docx/.pdf file from
CD/DVC. Wipe the system and start over for the next file.
In addition to systems like KeyKOS/Capros/etc., which implement
this model, a group a HP labs built a system called Polaris.
Polaris started apps under a separate userid and tossed the
userid when the app completed. Calling up an open file dialog
box let the app access a specific file -- outside that separate
userid -- specified by the human user of the system. Polaris
depended on the integrity of the user/user security controls in
Windows. If they failed, at least you could submit a bug report
to Microsoft. :-)
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Privacy is dead, get over | Periwinkle
(408)356-8506 | it. | 16345
Englewood Ave
www.pwpconsult.com | - Scott McNealy | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
