Taral wrote:
On Wed, Feb 09, 2005 at 09:08:45PM +0000, Ian G wrote:
The plugin is downloadable from a MozDev site,
and presumably if enough attention warrants it,
Amir can go to the extent of signing it with a
cert in Mozilla's code signing regime.
This, of course, is up to Mozilla, not to me... We are trying to get
Mozilla (and other browsers) to adopt the idea. I guess, once they do,
they'll do a review and then sign, as first step towards integrating it
into the browser package (you can't expect to protect all/most users,
including naive, with an extension - signed or not...).
That only authenticates that Amir wrote the code, not that the code is
safe.
Absolutely! And I didn't write the code, btw, Ahmad did. I'm just
writing designs, protocols, proofs, papers... (I like programming but
rarely get to it, I'm afraid).
Also, as Amir is a relatively well known name in
the world of crypto I suppose you could consider
his incentives to be more aligned with delivering
good code than code that would do you damage.
thanks!
*This* is a reasonable argument, but I'd prefer a second-party review
before I install anything.
Of course; again: by posting on this list I am exactly encouraging
people to review the code (it is all script so you can just download
TrustBar and read it), write their own better code, etc...
Best, Amir Herzberg
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
