Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-09 Thread Jerrold Leichter
| [1] This is also my solution to the famous trust paradox proposed by Ken Thompson in his Reflections of Trusting Trust. Trust is earned, not given. To trust Ken's code, I would first ask two or more programmers (who I choose) to code the same function and submit their codes to tests. If

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-09 Thread Ed Gerck
Jerrold Leichter wrote: N-version programming - which is what you are proposing here - can increase your level of trust against random errors[2], but it's of no use at all against a deliberate attack. I heartily disagree. If the N-outputs are continuously verified for coherence, any difference

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-08 Thread Ed Gerck
Amir Herzberg wrote: Ed Gerck responded to me: Can you trust what trustbar shows you? This trust translates to: -- Trusting the TrustBar code (which is open source so can be validated by tech-savvy users / sys-admin) -- Trusting that this code was not modified (same as for any other aspect of

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-06 Thread Amir Herzberg
Ed Gerck responded to me: We develop TrustBar, a simple extension to FireFox ( Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of untrusted CA). I think it is fair to say that this extension fixes some glitches in the

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Amir Herzberg
Daniel Carosone responded to me: We develop TrustBar, a simple extension to FireFox ( Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of untrusted CA). Other merits of the idea aside, if the user knows the CA is untrusted,

Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-04 Thread Ian G
Michael H. Warfield wrote What Amir and Ahmad are looking at is showing the CA as part of the trust equation when the user hits a site. Some CAs will enter the user's consciousness via normal branding methods, and new ones will trigger care caution. Which is what we want - if something strange

Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-02 Thread Amir Herzberg
We develop TrustBar, a simple extension to FireFox ( Mozilla), that displays the name and logo of SSL protected sites, as well as of the CA (so users can notice the use of untrusted CA). I think it is fair to say that this extension fixes some glitches in the deployment of SSL/TLS, i.e. in the