Path: csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed7.news.xs4all.nl!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <jeanpierreda@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.038
X-Spam-Evidence: '*H*': 0.92; '*S*': 0.00; 'subject:Python': 0.05; 'that?': 0.05; 'pretend': 0.07; 'wrong,': 0.09; 'cc:addr:python- list': 0.10; 'encryption': 0.16; 'to:addr:pearwood.info': 0.16; "to:name:steven d'aprano": 0.16; 'wrote:': 0.16; '>>>': 0.20; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; '2015': 0.23; 'sat,': 0.23; 'header:In-Reply-To:1': 0.24; 'data,': 0.27; 'message- id:@mail.gmail.com': 0.28; 'went': 0.28; 'optional.': 0.29; 'no,': 0.29; 'fri,': 0.31; 'option': 0.31; "can't": 0.32; 'post': 0.32; 'realize': 0.32; 'point': 0.33; "d'aprano": 0.33; 'steven': 0.33; 'another': 0.34; 'received:google.com': 0.34; 'could': 0.35; 'files,': 0.35; 'something': 0.35; 'but': 0.36; 'except': 0.36; 'data.': 0.36; 'two': 0.37; 'should': 0.37; 'client': 0.37; 'turn': 0.37; 'subject:: ': 0.37; 'instead': 0.38; 'say': 0.38; 'pm,': 0.39; 'application': 0.39; 'data': 0.40; 'your': 0.60; 'secure': 0.61; "you've": 0.61; 'more': 0.62; 'encrypted': 0.66; 'subject:Data': 0.66; '26,': 0.72; 'malicious': 0.84; 'receiver': 0.84; 'solved.': 0.84
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=/tmYCOqo9roeezNsjAFKYQZzxtiXpRG9gUiYzFW2udk=; b=G2OtlB3NEv124YGK0euTRd+xipej/A7bxlZy+n6pJSc6C5kcKEPnWj37omu/nM5wlP x1O07mhiVp+LrHbeWle6fgwQF8XSVV/Bt4U6X+Pwy3CqC778b/Oi2qVIL9Nu7JaQ5JSq v2zs6RDA33ZOAAzQrK6PVzPTnh0OfSYPLvsakAJp3kcLOGuQY5X+25BBY65H/N9DXotl tE74E0EcAF9ZxgpTW3OGBJ7CMDsXd1T9pEz5R6rZ5H/mpIK2088guj9M0vO23fTAfNjT NaAz9HCdJr/HxnS94oLyE4vTAyIQP08XMrr1fxH32X77UdtjsYR1BpQXh8FNeGw2Qpuc O28A==
X-Received: by 10.194.172.130 with SMTP id bc2mr15660781wjc.85.1435437046079; Sat, 27 Jun 2015 13:30:46 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <558e3fc4$0$1658$c3e8da3$5496439d@news.astraweb.com>
References: <mmcagn$aa5$1@ger.gmane.org> <q67loadve6lsrh672u47omr04tvqttt6jd@4ax.com> <mailman.29.1435170987.3674.python-list@python.org> <558b7e85$0$1648$c3e8da3$5496439d@news.astraweb.com> <mailman.42.1435206516.3674.python-list@python.org> <558bc912$0$2899$c3e8da3$76491128@news.astraweb.com> <slrnmonkip.1nu.jon+usenet@frosty.unequivocal.co.uk> <558c1a7e$0$1668$c3e8da3$5496439d@news.astraweb.com> <slrnmoo7ev.1nu.jon+usenet@frosty.unequivocal.co.uk> <CAPTjJmqOzLTv9cFFKjV-BLtaFZhEZ4B870ALqNMmanCEN-VqXA@mail.gmail.com> <mailman.89.1435280528.3674.python-list@python.org> <558d86b0$0$1659$c3e8da3$5496439d@news.astraweb.com> <mailman.111.1435349412.3674.python-list@python.org> <558e1ac6$0$1675$c3e8da3$5496439d@news.astraweb.com> <mailman.119.1435377960.3674.python-list@python.org> <558e3fc4$0$1658$c3e8da3$5496439d@news.astraweb.com>
From: Devin Jeanpierre <jeanpierreda@gmail.com>
Date: Sat, 27 Jun 2015 13:30:06 -0700
Subject: Re: Pure Python Data Mangling or Encrypting
To: "Steven D'Aprano" <steve@pearwood.info>
Cc: "comp.lang.python" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.146.1435437048.3674.python-list@python.org>
Lines: 30
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1435437048 news.xs4all.nl 2896 [2001:888:2000:d::a6]:42269
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:93262

On Fri, Jun 26, 2015 at 11:16 PM, Steven D'Aprano <steve@pearwood.info> wrote:
> On Sat, 27 Jun 2015 02:05 pm, Devin Jeanpierre wrote:
>
>> On Fri, Jun 26, 2015 at 8:38 PM, Steven D'Aprano <steve@pearwood.info>
>> wrote:
>>> Now you say that the application encrypts the data, except that the user
>>> can turn that option off.
>>>
>>> Just make the AES encryption mandatory, not optional. Then the user
>>> cannot upload unencrypted malicious data, and the receiver cannot read
>>> the data. That's two problems solved.
>>
>> No, because another application could pretend to be the file-sending
>> application, but send unencrypted data instead of encrypted data.
>
> Did you stop reading my post when you got to that? Because I went on to say:

At that point I quit in frustration, yeah.

> "Actually, the more I think about this, the more I come to think that the
> only way this can be secure is for both the sending client application and
> the receiving client appl to both encrypt the data. The sender can't
> trust the receiver not to read the files, so the sender has to encrypt; the
> receiver can't trust the sender not to send malicious files, so the
> receiver has to encrypt too."

When you realize you've said something completely wrong, you should
edit your email.

-- Devin