Does your software?

[fc@all.net (Dr. Frederick B. Cohen)]

Aleph One / aleph1@dfw.net typed:
...
> fc@all.net typed:
> > That's correct.  Secure software has to have secure distribution in
> > order to maintain its security when distributed through an untrusted
> > channel.  I think that Netscape uses an MD5 checksum which the members
> > of this list seem to place unlimited trust in (incorrectly in my view,
> > but that would be picking two nits with one keyboard entry).
> 
> Question: Does your software (your striped down http server, etc)
> do this? I bet not.

How much do you owe me?

The differences between my secure http server and Netscape's browser
are quite dramatic, so I think you deserve a fairly comprehensive answer.

My get-only server cannot run outside applications, and hence does not
have the vulnerability of Netscape's browser.  Note also the distinction
between a server and a browser.

My get-only server is available in source form, is 80 lines long and
thus easily understood, has been shown to meet security properties, is
now in the process of being mathematically proven to meet those
properties, and is published in a refereed journal which can be used to
confirm its contents in detail.  Hence, I do provide secure distribution
through purely physical means. 

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236