-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/15/2013 02:37 PM, Andreas Kuckartz wrote: > > But how do you know that the shipped operating system was not > compromised? Where is the trust anchor? > *** True. But Ken Thompson addressed that issue in his seminal article "Reflections on Trusting Trust" [0] and that is a known bug, definitely out of our scope. Moreover, that problem becomes even worse if you consider how Javascript in the browser can bypass the Same-Origin policy and dynamically load third-party code.
So yes, we're trusting something along the path. At minimum, I'm trusting you're going to read my message. And a lot of other things, such as: we both have access to electricity, the infrastructure is working, no bomb will obliterate us before we have finished our conversation, and the Messiah is not coming right away--otherwise it would be the Final Judgment, and all resistance would be futile. ;o) == hk [0] https://dl.acm.org/citation.cfm?id=358210 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJShmXNAAoJEEgGw2P8GJg9J54QAJbch9beqtFChGJl8zDZwr+w IvbXLUdqdrNVxP59vGYCcHNEGWLEUyANXumwmBnKy1BElXkjvZWaPonJ+caI8oxR fOr9fGjxXilIg57GFiePja451TLc4jIYVzMiJKVJEmNdltILHmAL3ghh/PE1Y2bX 9W7DvkhS9q6xlVDPgvn6KOpGb1P8heVjN//euIDsqrDI/CsvsxAbnxbB/8UFsL/n lRUAh8u9kG/rcfHPQZTKMJscqjqLmkE4EOvPlcbYRESNYLKEVS8FXe0R1EwBKx15 igvn1b5bDaF9rYs9gZKynxznQI7Q5+ZBPs2NEoDD0P0SEv1POEhqCHB9T0WJkz/0 akRkD12xJxe/O1SJALtM/yqWWlF0C9a3lZISRKNpTzAuebR/kgPiwFcQMCSaDT1C lgsvALVa9LmLs9z7RuFScHTvBq1uUvpP92zlysvb0c8t/TEs4g8E8V6OGr4c5Nw/ 8LTMUiqFp54Woon9uVZq5cKXKIOR8UChYkMYWvVJDYQ1McRaHK9EJn07nku/6YUI fi+dYm9T9tM7yxUB7bOXhaHImFn57SQWVdkxoz7FQ14/gS9ta3AK2kJH0TrgCosy CctETW+g208F2MaV9dPklbGfcypvjumW0/MYO3lDDaZ8EWCSLqUUGoPmLgITojam P4ZTS4oe6pCIm64yctTm =KrZA -----END PGP SIGNATURE-----
