Re: what are realistic threats?
> But what are they signing?

Indeed, some of these "certification" schemes are quite silly --
they simply rely on the assumption that we're supposed to be
impressed. They are, quite literally, a lot of noise signifying
nothing.

As far as software distribution goes, by far the best guarantee
that it hasn't been tampered with is the digital signatures of the
authors themselves. A signature by someone who hasn't closely
examined the code is quite a piece of lunacy, but I bet there will be
plenty of suckers out there who will be impressed by some particular
well-hyped chop.

Nick Szabo szabo@netcom.com