Challenge to TCPA/Palladium detractors
Lucky Green
shamrock at cypherpunks.to
Fri Aug 9 00:48:21 PDT 2002
Anonymous wrote:
> Matt Crawford replied:
> > Unless the application author can predict the exact output of the
> > compilers, he can't issue a signature on the object code. The
> > compilers then have to be inside the trusted base, checking a
> > signature on the source code and reflecting it somehow through a
> > signature they create for the object code.
>
> It's likely that only a limited number of compiler
> configurations would be in common use, and signatures on the
> executables produced by each of those could be provided.
> Then all the app writer has to do is to tell people, get
> compiler version so-and-so and compile with that, and your
> object will match the hash my app looks for. DEI
The above view may be overly optimistic. IIRC, nobody outside PGP was
ever able to compile a PGP binary from source that matched the hash of
the binaries built by PGP.
--Lucky Green
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cypherpunks-legacy
mailing list