[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System



I've revised my opinion: It's not close to useless, it's worse than
 useless.

Two things people seem not to be getting:

	1. Including the fingerprint with a signed message is much less
		pointless.  This was distributing the fingerprint *with
		the public key*.  That's bogus. However, even were
		this a signed message rather than a key...

	2. Encouraging people to trust the included ASCII fingerprint is
		a Bad Thing.  Why not just include these fingerprint
		things and not bother with this confusing, patented
		RSA stuff?  Much easier that way.

Great.  Here's the Betsi key, with the fingerprint included for those
 who don't want to use PGP to do the computation.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7

mQA9Ai5iKZAAAAEBgMAWW4+5FhyI3A5g4BT7bX8HwC6Ql4rwD/VlCNZnWZefReA5
CMJ+ot/oLrWaACcuJQAFEbQWQmV0c2kgPGNlcnRpZnlAYmIuY29tPg==
=9juv
-----END PGP PUBLIC KEY BLOCK-----

Fingerprint:

5F 34 26 5F 2A 48 6B 07  90 C9 98 C5 32 C3 44 0C

[Security or ease of use.  Choose one.]
-- 
L. Todd Masco  | "Which part of 'shall not be infringed' didn't
[email protected]  |   you understand?"