Marius Gedminas wrote:
On Fri, Dec 12, 2008 at 12:45:27PM +0000, Malthe Borch wrote:
Martijn Pieters wrote:
The C extension is required to make messageids immutable. Because they are immutable, the security machinery can treat them as rocks, e.g. safe to pass around. Removing the C-extension undoes this, as you cannot make truly immutable.
I believe it is possible to do this in pure Python:
I have doubts about that, but I don't think I'm smart enough to consider all the security implications.
I'm still waiting for somebody (Jim, Martijn, Marius) to outline *any* security implication here: what kinds of attacks do you imagine become possible if some nefarious user finds a way to mutate a message ID? And are any such mutations feasible at all for applications which don't allow untrusted users to write code?

Note that preventing *programming errors* is not sufficient justification in my mind: we already expect Python developers to play as "consenting adults" inside of trusted code.

(later: Jim wrote me privately that he didn't have time to pursue the question, but thought the discussion could go on).

Tres.
-- 
===================================================================
Tres Seaver +1 540-429-0999 tseaver@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
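Added example, not part of the original thread and not zope.i18nmessageid code: it contrasts a class-level `__setattr__` guard in pure Python with read-only members stored at the C level, which is the distinction the immutability argument above turns on. `PyMessage` is a hypothetical stand-in class, and the built-in `slice` is used only as a convenient C-implemented type with read-only members.

```python
# Added illustration; PyMessage is a hypothetical stand-in, not zope.i18nmessageid code.
class PyMessage(str):
    """str subclass that rejects ordinary attribute assignment."""

    def __new__(cls, text, domain=None, default=None, mapping=None):
        self = super().__new__(cls, text)
        # The guard below blocks self.x = ..., so initialise through the base class.
        for name, value in (("domain", domain), ("default", default),
                            ("mapping", mapping)):
            object.__setattr__(self, name, value)
        return self

    def __setattr__(self, name, value):
        raise TypeError("readonly attribute")

    def __delattr__(self, name):
        raise TypeError("readonly attribute")


def plain_assignment_blocked(obj, attr, value):
    """True if `obj.attr = value` is rejected."""
    try:
        setattr(obj, attr, value)
    except (TypeError, AttributeError):
        return True
    return False


def base_setattr_blocked(obj, attr, value):
    """True if the attribute is unchanged after object.__setattr__ is called directly."""
    original = getattr(obj, attr)
    try:
        object.__setattr__(obj, attr, value)
    except (TypeError, AttributeError):
        return True
    changed = getattr(obj, attr) != original
    object.__setattr__(obj, attr, original)  # put the sample object back as it was
    return not changed


def check(obj, attr, value):
    return {"plain": plain_assignment_blocked(obj, attr, value),
            "base": base_setattr_blocked(obj, attr, value)}


if __name__ == "__main__":
    print("pure-Python guard:", check(PyMessage("greeting", domain="app"), "domain", "other"))
    print("C-level member:   ", check(slice(1, 2), "start", 5))
```

The pure-Python guard stops ordinary assignment but not a direct call to the base-class setter, whereas the C-level read-only member rejects both.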