[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how to release code if the programmer is a target for (fwd)


Forwarded message:

> Date: Sat, 17 Jan 1998 12:12:08 -0800
> From: Jonathan Wienke <[email protected]>
> Subject: Re: how to release code if the programmer is a target for (fwd)

> However, if Alice has had my key for 6 months, and has verified the
> signatures on 100 of my Cypherpunks posts, and my signature on GunzenBombs
> Pyro-Technologies latest checks out, she can be pretty confident that I
> actually signed it.  On the other hand, if she didn't already have it, and
> got a fake key and document from Mallet, Alice would not be able to use the
> fake key to verify the signatures on my prior Cypherpunks posts.  This
> ought to be a red-flagged clue that something is rotten in Denmark...

That's all fine and dandy, however, we *are* talking about an eternity server
architecture that delivers documents to an end user in a secure manner on
demand with no mechanism, by design, to determine the original source. In
this case there would by definition be *no* history to verify against.

It is in fact this lack of history from the users perspective that causes
the authenticity problem in the first place. Further, a point that seems
to have been forgotten, we are talking about signed and not encrypted
documents. Of course there are some similar problems if we do include the
encryption of the data itself into the protocol.



    ____________________________________________________________________
   |                                                                    |
   |       The most powerful passion in life is not love or hate,       |
   |       but the desire to edit somebody elses words.                 |
   |                                                                    |
   |                                  Sign in Ed Barsis' office         |
   |                                                                    | 
   |            _____                             The Armadillo Group   |
   |         ,::////;::-.                           Austin, Tx. USA     |
   |        /:'///// ``::>/|/                     http://www.ssz.com/   |
   |      .',  ||||    `/( e\                                           |
   |  -====~~mm-'`-```-mm --'-                         Jim Choate       |
   |                                                 [email protected]     |
   |                                                  512-451-7087      |
   |____________________________________________________________________|




    ____________________________________________________________________
   |                                                                    |
   |       The most powerful passion in life is not love or hate,       |
   |       but the desire to edit somebody elses words.                 |
   |                                                                    |
   |                                  Sign in Ed Barsis' office         |
   |                                                                    | 
   |            _____                             The Armadillo Group   |
   |         ,::////;::-.                           Austin, Tx. USA     |
   |        /:'///// ``::>/|/                     http://www.ssz.com/   |
   |      .',  ||||    `/( e\                                           |
   |  -====~~mm-'`-```-mm --'-                         Jim Choate       |
   |                                                 [email protected]     |
   |                                                  512-451-7087      |
   |____________________________________________________________________|