[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape'sdependence upon RSA down for the count!)

To: [email protected] (Jeff Weinstein)
Subject: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape'sdependence upon RSA down for the count!)
From: [email protected] (Douglas Barnes)
Date: Mon, 2 Oct 1995 23:58:35 -0800
Cc: [email protected]
Sender: [email protected]


The idea here is to use multiple alternative channels for distributing
the checksums (newsgroups, mailing lists, telephone support lines,
fax-back service, e-mail, etc.), in addition to the ftp sites.

Also, since you guys use (relatively untrusted) mirror sites, you can
distribute the checksums on your official sites, so that people can
verify them from you directly, even if it's more practical for their
main download to be from a "local" mirror.

>
>  I've been thinking about this recently for obvious reasons.  My concern
>is that if someone can attack your download of netscape, they could also
>attack your download of the program that validates netscape.  Is there
>really any way out of this one?
>
>        --Jeff

Prev by Date: Re: SAIC bought InterNic, but who is SAIC? A spook contractor!
Next by Date: Re: Crypto APIs
Prev by thread: Re: CYPHERPUNK considered harmful.
Next by thread: New Netscape bug (in version 1.12)
Index(es):
- Date
- Thread