
Re: Provably Correct Crypto?



The shadowy figure took form and announced "I am Dr. Frederick B. Cohen and I say ...

[ lots of purely subjective arguments that frequent alt.security.pgp ]

Frederick, can you please tell me why I should believe thttpd is secure.
I don't accept the ability to compile it myself as evidence and I
don't accept a summary of that source written in English prose on the
basis that it has no hard link whatsoever to the source.  It was
also written by the authors of thttpd.

You should find this argument hauntingly familiar.

You state that crypto should be proved correct and suggest a technique
otherwise known as formal specification.  I agree, pgp should have
been written in Z-specs.  If you take a course in formal specification
you will soon see the intractability of the technique wrt large
systems.

I'm sorry, the English prose your team writes holds no extra formal
credibility over trust.  It demonstrates more study - but has not
proven security.

If you want people on this list to repeat after you "I cannot be
certain there are no compromising bugs or backdoors in X", then I will
go out on a limb and say everyone here will agree if system X is
sufficiently large.

p.s X = thttpd

--
                                          <URL:http://www.comp.vuw.ac.nz/~matt>
                 |~    |~
             |~ o|    o|
       ('<  o| 
      ,',)   
     ''<<    
     ---""---