[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System




>
>Certainly not enough to justify the rest: Can you name one example of an
> author of a package including some virus?  Not someone putting one
> post-production (individual signing will prevent that), but the original
> author?
>
>It's a straw man.

Well, there was that CD-ROM program of a couple months ago that professed to 
be from one of the drive manufacturers (but wasn't) containing some kind of 
Binary Nasty (tm).  The mfr's finally had to post (far and wide) the fact 
that it was *not* their program.  The program was posted using a false ID, 
etc.  Don't know if the Bellcore system would prevent that, but it is *one* 
example, anyway.

I'm not arguing that the Bellcore system is the answer to Life, the Universe, 
and Everything; just that there are some small pieces to it that have *some* 
perceivable merit to them.  Personally, I wouldn't want anything to do with 
it - as you note, the costs and hazards _far_ outweigh any benefits, and 
there are easier and more secure ways of accomplishing the same things.

Dave Merriman
- - - - - - - - - - - - - - - - - - - - - - - - - - 
Finger [email protected] for PGP/RIPEM public keys and fingerprints. 
Unencrypted Email may be ignored without notice to sender.  PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to 
*love* Big Brother.