Nils Maier wrote:
> That all would imply that LF would be still a good security solution.
> They are not. They are not a security solution at all.
> They happen to prevent a particular scenario by coincidence.

I designed them to prevent that scenario. That's what they are for. So how can it be "coincidence"?

> And still, there is no way to know it is a trojan.
> For that decision you either got a security application (anti-virus) you
> verify something else or you're out of luck and can make guesses.

Anti-virus applications always lag behind, even for "popular" (i.e. successful) viruses. And I doubt the trojaned code in e.g. the Wordpress case ever made it into any anti-virus blacklist.

> You did not invent it. That's plain bullshit.
> Others have used link-fingerprints for different purposes for years.
> Including myself. And yet, I don't claim I invented it.
> What you probably guessed of first was to use LF for data verification.

Give me a reference to a description of Link Fingerprints, including the syntax we are using (#!md5!09F9...) which predates this:
http://weblogs.mozillazine.org/gerv/archives/2005/03/link_fingerprin_1.html
(March 29th, 2005, in the middle of the comments) and I'll believe you. The page defining how it should work:
http://www.gerv.net/security/link-fingerprints/
has been up since April 27th of that year.

> And no, you don't get to say what it is for. Unless you claim you're the
> owner of mozilla. Feel free to implement it in *your* apps like you
> want, but don't bother to try to just push it into a community-developed
> OSS.

In which case, why don't you stop telling _us_ how it should work in our app? This works both ways. Alternatively, of course, we could all do the same thing and actually have unity of purpose and interoperability.

> And yes, I can say it is for something else. While you might have
> thought about this way of data-verification first you did not invent and
> define (secure) hash algorithms and what they can be used for.

I didn't claim that I did.

> That last comment changed my opinion of you. You're just some ignorant
> "inventor" trying to protect his flawed invention and ideas by all
> means. Thanks for clarifying this.

That's an unfair characterisation. Whether I came up with this idea is a matter of fact, not of opinion. If you can point to where the hash-based fragment-identifier extension on links was independently invented before I thought of it, I'll happily stop claiming to have invented it. I stand to gain nothing financially from this "claim", so I don't know what you think my motives are.

The point is not "I invented it, so I get to say what it's for", the point is "I invented it for a particular purpose, and that requires it to work a particular way; therefore it makes no sense for you to say 'it should work an entirely different way, because it's actually for an entirely different purpose.'".

Gerv
