Re: what are realistic threats?

• To: masinter@parc.xerox.com
• Subject: Re: what are realistic threats?
• From: szabo@netcom.com (Nick Szabo)
• Date: Thu, 29 Sep 1994 21:25:11 -0700 (PDT)
• Cc: hallam@dxal18.cern.ch, www-security@ns1.rutgers.edu
• In-Reply-To: <94Sep29.094804pdt.2760@golden.parc.xerox.com> from "Larry Masinter" at Sep 29, 94 09:47:55 am
• Reply-To: szabo@netcom.com (Nick Szabo)

> But what are they signing? 

Indeed, some of these "certification" schemes are quite silly --
they simply rely on the assumption that we're supposed to be
impressed.  They are, quite literally, a lot of noise signifying 
nothing.

As far as software distribution goes, by far the best guarantee
that it hasn't been tampered with is the digital signatures of the 
authors themselves.  A signature by someone who hasn't closely 
examined the code is quite a piece of lunacy, but I bet there will be
plenty of suckers out there who will be impressed by some particular
well-hyped chop.

Nick Szabo				szabo@netcom.com

• Keys, certificates and URNs
• From: hallam@dxal18.cern.ch
• The ultimate in trust
• From: szabo@netcom.com (Nick Szabo)

• Re: what are realistic threats?
• From: Larry Masinter <masinter@parc.xerox.com>

• Previous: USPS public key certification services (Re: what are realistic threats?)
• Next: The ultimate in trust
• Index(es):
  • Index
  • Thread