blob: 1d06a49a37cfb37fbb811211dc2aa4798cd8a0ea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
* loadLog should verify the hashes (and signatures) in the log, and
refuse to use logs that are not valid proofs of a session.
* Encryption!
* Add random nonce to start message, to avoid replay issues.
(Or perhaps the encryption derives a RSA key in a way that avoids
replay..)
* Network!
* Server!
* gpg key downloading, web of trust checking, prompting
Alternatively, let debug-me be started with a gpg key,
this way a project's website can instruct their users to
"run debug-me --trust-gpg-key=whatever"
|
