On Wednesday 11 May 2005 18:34, Nelson B wrote: > Ian G wrote: > > On Monday 09 May 2005 17:34, Ram A Moskovitz wrote: > >>On 5/9/05, Jean-Marc Desperrier <[EMAIL PROTECTED]> wrote: > >>>Ram A Moskovitz wrote: > >>> > >>>They can not truly attack the signature, > > > > Actually, be careful there. The fact that they cannot > > theoretically forge a digital signature should not be > > confused with the myriad of ways in which an attacker > > can futz with an *implementation* of a signing tech. > > > > I don't know anything about the code signing tech, > > That would have been a good place for that post to end, but > why stop there
Because I do know a lot about signing tech. > when one can spread more FUD? Quite the reverse! Fear, Uncertainty and Doubt was and is used to scare people into buying inappropriate technology. I am doing precisely the opposite, by pointing out how inappropriate the technology is to solve the problems being discussed. > > but if it is anything like any of a dozen other signing > > techs out there, it will probably surprise in how > > vulnerable it is. Most signing applications were > > put together with so many false assumptions that > > they are either unusable or not worth using. Included > > in that list is cousins like S/MIME. You could accuse me of spreading doom and gloom and pessimism that there is no solution to our woes .... but not FUD. iang (Well, ok, you could accuse me of spreading FUD because I've been talking about the terrible phishing epidemic for years now ....) (here's today's FUDWatch - VoIP success attracts the security parasites https://www.financialcryptography.com/mt/archives/000466.html :-) -- http://iang.org/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
