[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)

To: [email protected], [email protected]
Subject: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
From: [email protected] (Patrick Horgan)
Date: Tue, 3 Oct 1995 09:56:26 -0700
Sender: [email protected]

> 
>   I've been thinking about this recently for obvious reasons.  My concern
> is that if someone can attack your download of netscape, they could also
> attack your download of the program that validates netscape.  Is there
> really any way out of this one?
> 
> 	--Jeff

I remember sometime in the last couple of years seeing a cert advisory that
said that people's checksumming programs were being replaced by ones that
did the normal checksumming except on compromised programs.  This was part
of one particular attack as I remember.

Patrick
   _______________________________________________________________________
  /  These opinions are mine, and not Verity's (except by coincidence;).  \
 |                                                       (\                |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have       |
 |  [email protected]        1550 Plymouth Street         \\  _ Sword     | 
 |  Phone : (415)960-7600     Mountain View                 \\/    Will    | 
 |  FAX   : (415)960-7750     California 94303             _/\\     Travel | 
  \___________________________________________________________\)__________/

Prev by Date: Re: New Netscape bug (in version 1.12)
Next by Date: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
Prev by thread: STT Authentication
Next by thread: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
Index(es):
- Date
- Thread