Challenge to TCPA/Palladium detractors

Lucky Green shamrock at cypherpunks.to
Fri Aug 9 00:48:21 PDT 2002


Anonymous wrote:
> Matt Crawford replied:
> > Unless the application author can predict the exact output of the 
> > compilers, he can't issue a signature on the object code.  The 
> > compilers then have to be inside the trusted base, checking a 
> > signature on the source code and reflecting it somehow through a 
> > signature they create for the object code.
> 
> It's likely that only a limited number of compiler 
> configurations would be in common use, and signatures on the 
> executables produced by each of those could be provided.  
> Then all the app writer has to do is to tell people, get 
> compiler version so-and-so and compile with that, and your 
> object will match the hash my app looks for. DEI

The above view may be overly optimistic. IIRC, nobody outside PGP was
ever able to compile a PGP binary from source that matched the hash of
the binaries built by PGP. 

--Lucky Green


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
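The build-matching problem raised in this thread, as an added example that is not part of the original message: it uses Python's byte-compiler as a stand-in for the compilers under discussion and shows the same source producing different object hashes on two machines until build time and build path are kept out of the output. The function names `build` and `compare_builds`, the sample source, and the two timestamps are constructed for illustration.

```python
import hashlib
import os
import py_compile
import tempfile

# Constructed sample source; stands in for the application being distributed.
SOURCE = "def check(sig, expected):\n    return sig == expected\n"


def build(workdir, mtime, reproducible):
    """Compile SOURCE inside workdir and return the SHA-256 of the object file."""
    src = os.path.join(workdir, "app.py")
    obj = os.path.join(workdir, "app.pyc")
    with open(src, "w", newline="\n") as fh:
        fh.write(SOURCE)
    os.utime(src, (mtime, mtime))  # simulate a checkout made at a different time
    if reproducible:
        # Header carries a hash of the source instead of its mtime, and the
        # recorded file name is pinned instead of taken from the build path.
        py_compile.compile(src, cfile=obj, dfile="app.py", doraise=True,
                           invalidation_mode=py_compile.PycInvalidationMode.CHECKED_HASH)
    else:
        # Header carries the source mtime; the code object records the build path.
        py_compile.compile(src, cfile=obj, doraise=True,
                           invalidation_mode=py_compile.PycInvalidationMode.TIMESTAMP)
    with open(obj, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def compare_builds(reproducible):
    """Build the same source on two hypothetical machines; return both digests."""
    with tempfile.TemporaryDirectory() as vendor, tempfile.TemporaryDirectory() as user:
        return (build(vendor, 1_000_000_000, reproducible),
                build(user, 1_028_880_000, reproducible))


if __name__ == "__main__":
    for mode in (False, True):
        a, b = compare_builds(mode)
        label = "reproducible" if mode else "default"
        print(f"{label:12} {a[:16]} {b[:16]} {'match' if a == b else 'MISMATCH'}")
```

The digests only agree when both sides also run the same interpreter version, which mirrors the "get compiler version so-and-so" condition in the quoted text.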





More information about the cypherpunks-legacy mailing list