I've been thinking about this recently for obvious reasons. My concern is that if someone can attack your download of netscape, they could also attack your download of the program that validates netscape. Is there really any way out of this one?

--Jeff

I remember sometime in the last couple of years seeing a cert advisory that said that people's checksumming programs were being replaced by ones that did the normal checksumming except on compromised programs. This was part of one particular attack as I remember. Patrick _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick@verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________/