[sugar] Integration with web apps (and Moodle specifically!)

Ian Bicking ianb
Mon Sep 4 13:13:47 EDT 2006


Dan Williams wrote:
> We discussed some of this with Simson on Friday.  The activity bundles
> will at least be signed by the originator to determine identity, and
> communication in the system will be encrypted to deter
> man-in-the-middle.  So you'll at least be able to ensure that, if you're
> passed an activity, nobody modified it in-transit, and that somebody
> signed an activity bundle.  Now, whether or not you trust that person is
> a different story, and how/if you ask the child what they want to do
> with it.
> 
> Ideally that integrates into the KCM such that if your friend Kristin
> signed the activity bundle with a private key, and you have Kristin's
> public key stored because you have a trust relationship with her, it's
> all magic.

Is the idea to allow someone to run code produced by a trusted peer?  If 
the peer's computer is compromised, would it be possible for a virus to 
get access to their private key and send a signed and malicious package 
to another user?


-- 
Ian Bicking | ianb at colorstudy.com | http://blog.ianbicking.org


More information about the Sugar-devel mailing list