On Sun, 28 Jun 2015 06:30 am, Devin Jeanpierre wrote: > On Fri, Jun 26, 2015 at 11:16 PM, Steven D'Aprano <st...@pearwood.info> > wrote: >> On Sat, 27 Jun 2015 02:05 pm, Devin Jeanpierre wrote: >> >>> On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <st...@pearwood.info> >>> wrote: >>>> Now you say that the application encrypts the data, except that the >>>> user can turn that option off. >>>> >>>> Just make the AES encryption mandatory, not optional. Then the user >>>> cannot upload unencrypted malicious data, and the receiver cannot read >>>> the data. That's two problems solved. >>> >>> No, because another application could pretend to be the file-sending >>> application, but send unencrypted data instead of encrypted data. >> >> Did you stop reading my post when you got to that? Because I went on to >> say: > > At that point I quit in frustration, yeah. > >> "Actually, the more I think about this, the more I come to think that the >> only way this can be secure is for both the sending client application >> and the receiving client appl to both encrypt the data. The sender can't >> trust the receiver not to read the files, so the sender has to encrypt; >> the receiver can't trust the sender not to send malicious files, so the >> receiver has to encrypt too." > > When you realize you've said something completely wrong, you should > edit your email.
If both the sender and receiver encrypt the data, how is is "completely wrong" to say that encrypting data should be mandatory? -- Steven -- https://mail.python.org/mailman/listinfo/python-list
