[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System



>>   -  provide accountability by linking the author of a program
>>      to a real person whose identity is verified off-line 
>
>This is unnecessary, and I would claim undesirable.  A unique anonymous
> ID is just as good as a "real" one -- since you're relying upon PGP
> anyway, the mapping from signature to a known identity is one-to-one.
>
>The only reason I can see to require this "real human" mapping is
> to try to prosecute people for bugs in their code or some contamination
> that seeps into their release.
>
>That's not an aspect of the world I want to live in.

Or to warn potential virus "authors" that *their* anonymity is no longer 
assured - not a bad thing. Not enough to justify the rest of it, IMHO, but 
certainly not Evil Incarnate (not to be flinging misinterpretations or 
aspersions :-)

Dave Merriman
- - - - - - - - - - - - - - - - - - - - - - - - - - 
Finger [email protected] for PGP/RIPEM public keys and fingerprints. 
Unencrypted Email may be ignored without notice to sender.  PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to 
*love* Big Brother.