[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crypto CD UpDate
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 30 Mar 1996, Bill Frantz wrote:
> At 8:36 PM 3/28/96 +0100, [email protected] wrote:
> > I may -or not- trust the people at unimi, but would I also trust
> >a lot of intermediate people putting up together a CD-ROM? For that sake,
> >and considering the costs of storage and removable storage media, I'd
> >bet many people would find more useful to download their copies from
> >the net (even once a year only) as I did.
>
> If pieces of the source/executable are digitally signed, you have a basis
> for some degree of trust. (My pgp came with a detached signature. A bit
> self-referental, but at least a start.)
It depends where the person who signed the program is in the web of trust.
I rarely find that the cooresponding public key for a digital signature is
signed by someone that I trust and that I know that that public key belongs
to whom it says it belongs. Without trust, a digital signature is completely
worthless.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected] | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMV3zobZc+sv5siulAQHHgAQAqBcay46jx0/ez+Cz1vsjZjpWacurf3II
Oj3u29DrmuTTMk3su51Dc8oQfqF39xS6k1b5EZY/0wqC8fGumItasmwVYZFcILGl
dVO/DyAbuvmud4CamwGtTvmDDL+7Y8mojnLFHyGL7ht1JUasz0oM6EaxJyRIksjx
tSwsRj54D8w=
=MxYS
-----END PGP SIGNATURE-----