Making sure a program gets to the receiver intact
Nesta Stubbs
nesta at nesta.pr.mcs.net
Tue Dec 27 17:02:35 PST 1994
On Tue, 27 Dec 1994, Matt Blaze wrote:
> including tamper-evident seals on their packages, but until consumers
> learned to expect the seals, all the bad guys had to do was remove
> the seal entirely before replacing the tainted packages. In the short
> term, given today's infrastructure, there's not a lot you can do.
>
> Of course, in the medium- and long- term, the best solution is to
> design good schemes and deploy them widely enough that people learn
> to expect them.
>
One solution, or start of a solution, is to tell the user about the
signature checks, and how to go about verifying them in teh README text
file, that most users come to expect in a package of software. Or
perhaps add into the tar and zipped packagea file called SIGNATURECHECK
or something suitably obvious, as well as explaining it. I believe most
users expect the README file enough to look in it, at least skimming it.
i want to know everything http://www.mcs.com/~nesta/home.html
i want to be everywhere Nesta's Home Page
i want to fuck everyone in the world &
i want to do something that matters /-/ a s t e zine
More information about the cypherpunks-legacy
mailing list