> >How can you verify that a remote computer is the "real thing, doing
> >the right thing?"
> You cannot.

Using a high-end secure coprocessor (such as the 4758, but not
with a flawed application) will raise the threshold for the adversary

No, there are no absolutes.  But there are things you can do.
> The correct security approach is to never give a remote machine
> any data that you don't want an untrusted machine to have. 

So you never buy anything online, or use a medical facility
that uses computers?

Sean W. Smith, Ph.D.                         [EMAIL PROTECTED]   
http://www.cs.dartmouth.edu/~sws/       (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to