[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reasonable validation of a software package



This illustrates the need for and role of certification authorities.

See http://www.law.miami.edu/~froomkin/articles/trusted.htm  for some
info.

On Sat, 13 Jul 1996, Lyal Collins wrote:

> This touches upon a favourite rant of mine.
[...]
> So, now you need to ensure that you can get your public key 
> (to verify the digital signature with) in the hands of all 
> your possible, or intended, recipients. 
> 
> Now the race is on for as many people as possible to generate 
> PGP public keys/certificates bearing your name, or variations 
> of it. Once that occurs, there is a fair chance that one of 
> these keys will verfiy the digital signature on a piece of
> software purportedly from you. Still, not many people will have 
> your true PGP public key/certificate, but, them's the breaks.

[...]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | [email protected]
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And humid.