Re: Does your software?
My get-only server is available in source form, is 80 lines long and thus easily understood, has been shown to meet security properties, is now in the process of being mathematically proven to meet those properties, and is published in a refereed journal which can be used to confirm its contents in detail. Hence, I do provide secure distribution through purely physical means.
Uh, proofs only go so far. There was one Cornell CS professor who was a real devotee of "proving" your programs correct. He even published one of his proofs in a "refereed" journal. Big whoop. It still had an error. Proofs can help identify flaws, but they can never rule out all flaws. That's why their name is so bogus. I wouldn't be surprised if you could prove that the Finger daemon, which is sort of like a really low-level GET-ONLY HTTP server, is also safe. In fact, your math proving ability could probably even prove the pre-Robert Morris finger daemon is safe and secure. If programmers don't think of preventing finger requests longer than 512 bytes then why should the head-in-the-clouds program provers? - Peter
-- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
P.S. "FC" is your login and "FC" is found inscribed in the writings of the Unabomber. Coincidence?
participants (1)
-
pcw@access.digex.net