[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announcing Bellcore's Trusted Software Integrity (Betsi) System
I've revised my opinion: It's not close to useless, it's worse than
useless.
Two things people seem not to be getting:
1. Including the fingerprint with a signed message is much less
pointless. This was distributing the fingerprint *with
the public key*. That's bogus. However, even were
this a signed message rather than a key...
2. Encouraging people to trust the included ASCII fingerprint is
a Bad Thing. Why not just include these fingerprint
things and not bother with this confusing, patented
RSA stuff? Much easier that way.
Great. Here's the Betsi key, with the fingerprint included for those
who don't want to use PGP to do the computation.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7
mQA9Ai5iKZAAAAEBgMAWW4+5FhyI3A5g4BT7bX8HwC6Ql4rwD/VlCNZnWZefReA5
CMJ+ot/oLrWaACcuJQAFEbQWQmV0c2kgPGNlcnRpZnlAYmIuY29tPg==
=9juv
-----END PGP PUBLIC KEY BLOCK-----
Fingerprint:
5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
[Security or ease of use. Choose one.]
--
L. Todd Masco | "Which part of 'shall not be infringed' didn't
[email protected] | you understand?"