Re: Challenge to TCPA/Palladium detractors

2002-08-09 Thread Eugen Leitl
On Wed, 7 Aug 2002, Matt Crawford wrote: Unless the application author can predict the exact output of the compilers, he can't issue a signature on the object code. The Same version of compiler on same source using same build produces identical binaries. compilers then have to be inside

Utilizing Palladium against software piracy

2002-08-09 Thread Lucky Green
I would like to again thank the Palladium team, in particular Peter Biddle, for participating in yesterday's panel at the USENIX Security conference on Palladium and TCPA. Unfortunately I do not have the time at the moment to write up the many valuable and informative points made during the

Re: Challenge to TCPA/Palladium detractors

2002-08-09 Thread Eugen Leitl
On Fri, 9 Aug 2002, David Howe wrote: It doesn't though - that is the point. I am not sure if it is simply that there are timestamps in the final executable, but Visual C (to give a common example, as that is what the Windows PGP builds compile with) will not give an identical binary, even

AARG and eugene are net.loons-why signatures of binaries always change.

2002-08-09 Thread cyphrpnk
Hi all, It's obvious that some of us here are developers and still others have never typed make or gcc in their lives. -v and -V options given to various forms of ld caused the embedment of version information in the binary (Sunpro does this also, AND early versions of MSC allowed

Signing as one member of a set of keys

2002-08-09 Thread Anonymous User
This program can be used by anonymous contributors to release partial information about their identity - they can show that they are someone from a list of PGP key holders, without revealing which member of the list they are. Maybe it can help in the recent controversy over the identity of

Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread AARG! Anonymous
An article on Salon this morning (also being discussed on slashdot), http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html, discusses how the file-trading network Gnutella is being threatened by misbehaving clients. In response, the developers are looking at limiting the

Re: Challenge to TCPA/Palladium detractors

2002-08-09 Thread Ken Brown
James A. Donald wrote: -- On Wed, 7 Aug 2002, Matt Crawford wrote: Unless the application author can predict the exact output of the compilers, he can't issue a signature on the object code. The On 9 Aug 2002 at 10:48, Eugen Leitl wrote: Same version of compiler on same

RE: Challenge to TCPA/Palladium detractors

2002-08-09 Thread Sam Simpson
I'm not surprised that most people couldn't produce a matching PGP executables - most compilers (irrespective of compiler optimisation options etc) include a timestamp in the executable. Regards, Sam Simpson [EMAIL PROTECTED] http://www.samsimpson.com/ Mob: +44 (0) 7866 726060 Home

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Eric Murray
On Fri, Aug 09, 2002 at 10:05:15AM -0700, AARG! Anonymous wrote: On Gnutella discussion sites, programmers are discussing a number of technical proposals that would make access to the network contingent on good behavior: If you write code that hurts Gnutella, in other words, you don't

Re: Signing as one member of a set of keys

2002-08-09 Thread Adam Back
Very nice. Nice plausible set of candidate authors also: pub 1022/5AC7B865 1992/12/01 [EMAIL PROTECTED] pub 1024/2B48F6F5 1996/04/10 Ian Goldberg [EMAIL PROTECTED] pub 1024/97558A1D 1994/01/10 Pr0duct Cypher alt.security.pgp pub 1024/2719AF35 1995/05/13 Ben Laurie [EMAIL PROTECTED]

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Bram Cohen
AARG!Anonymous wrote: If only there were a technology in which clients could verify and yes, even trust, each other remotely. Some way in which a digital certificate on a program could actually be verified, perhaps by some kind of remote, trusted hardware device. This way you could know

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Mike Rosing
On Fri, 9 Aug 2002, Jay Sulzberger wrote: There are many solutions at the level of technical protocols that solve the projection of these problems down to the low dimensional subspace of technical problems. Some of these technical protocols will be part of a full system which accomplishes

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Jay Sulzberger
On Fri, 9 Aug 2002, AARG!Anonymous wrote: ... / Not discussed in the article is the technical question of how this can possibly work. If you issue a digital certificate on some Gnutella client, what stops a different client, an unauthorized client, from pretending to be the legitimate

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Pete Chown
Anonymous wrote: ... the file-trading network Gnutella is being threatened by misbehaving clients. In response, the developers are looking at limiting the network to only authorized clients: This is the wrong solution. One of the important factors in the Internet's growth was that the IETF

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Bram Cohen
Antonomasia wrote: My copy of Peer to Peer (Oram, O'Reilly) is out on loan but I think Freenet and Mojo use protocols that require new users to be contributors before they become consumers. (Leaving aside that Gnutella seems doomed on scalability grounds.) Freenet and Mojo Nation have had

TCPA/Palladium -- likely future implications (Re: dangers of TCPA/palladium)

2002-08-09 Thread Adam Back
On Thu, Aug 08, 2002 at 09:15:33PM -0700, Seth David Schoen wrote: Back in the Clipper days [...] how do we know that this tamper-resistant chip produced by Mykotronix even implements the Clipper spec correctly?. The picture is related but has some extra wrinkles with the TCPA/Palladium

Re: AARG and eugene are net.loons-why signatures of binaries always change.

2002-08-09 Thread Eugen Leitl
You're being quite creative with alternative spelling and punctuation. However, if you think that provides sustainable stealth cover against a competent attacker (TLA agencies must by now be really good with linguistic forensics) you're fooling yourself. For executable binary verification it is

Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-09 Thread R. A. Hettinga
At 1:03 AM +0200 on 8/10/02, Some anonymous, and now apparently innumerate, idiot in my killfile got himself forwarded to Mr. Leitl's cream of cypherpunks list: They will protect us from being able to extend trust across the network. As Dan Geer

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Antonomasia
From: AARG!Anonymous [EMAIL PROTECTED] An article on Salon this morning (also being discussed on slashdot), http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html, discusses how the file-trading network Gnutella is being threatened by misbehaving clients. In response,

Re: TCPA/Palladium -- likely future implications

2002-08-09 Thread James A. Donald
-- On 9 Aug 2002 at 17:15, AARG! Anonymous wrote: to understand it you need a true picture of TCPA rather than the false one which so many cypherpunks have been promoting. As TCPA is currently vaporware, projections of what it will be, and how it will be used are judgments, and are not

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread AARG! Anonymous
Several people have objected to my point about the anti-TCPA efforts of Lucky and others causing harm to P2P applications like Gnutella. Eric Murray wrote: Depending on the clients to do the right thing is fundamentally stupid. Bram Cohen agrees: Before claiming that the TCPA, which is from

Re: TCPA/Palladium -- likely future implications

2002-08-09 Thread Mike Rosing
On Fri, 9 Aug 2002, AARG! Anonymous wrote: : Allow computers separated on the internet to cooperate and share data : and computations such that no one can get access to the data outside : the limitations and rules imposed by the applications. It seems to me that my definition is far more

TCPA ad nauseum

2002-08-09 Thread Mike Rosing
On Fri, 9 Aug 2002, AARG! Anonymous wrote: Of course his analysis is spoiled by an underlying paranoia. So let me ask just one question. How exactly is subversion of the TPM a greater threat than subversion of your PC hardware today? How do you know that Intel or AMD don't already have