Re: Challenge to TCPA/Palladium detractors

2002-08-09 Thread AARG!Anonymous
Anon wrote: You could even have each participant compile the program himself, but still each app can recognize the others on the network and cooperate with them. Matt Crawford replied: Unless the application author can predict the exact output of the compilers, he can't issue a signature on

Re: dangers of TCPA/palladium

2002-08-09 Thread Seth David Schoen
R. Hirschfeld writes: From: Peter N. Biddle [EMAIL PROTECTED] Date: Mon, 5 Aug 2002 16:35:46 -0700 You can know this to be true because the TOR will be made available for review and thus you can read the source and decide for yourself if it behaves this way. This may be a silly

Re: deterministic primality test

2002-08-09 Thread Joseph Ashwood
[I've got some doubts about the content here but I think the discussion is certainly on charter --Perry] Since I have received a number of private replies all saying approximately the same thing; lookup for small n, use algo for large. Allow me to extend my observation. To quote myself from

RE: Challenge to TCPA/Palladium detractors

2002-08-09 Thread Lucky Green
Anonymous wrote: Matt Crawford replied: Unless the application author can predict the exact output of the compilers, he can't issue a signature on the object code. The compilers then have to be inside the trusted base, checking a signature on the source code and reflecting it somehow

Re: [ANNOUNCE] OpenSSL 0.9.6f released

2002-08-09 Thread Rich Salz
The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting trust.

Re: [ANNOUNCE] OpenSSL 0.9.6f released

2002-08-09 Thread tc lewis
On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting

[ANNOUNCE] OpenSSL 0.9.6g released

2002-08-09 Thread Richard Levitte - VMS Whacker
OpenSSL version 0.9.6g released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.6g of our open source toolkit for SSL/TLS. This new OpenSSL version is

Re: [ANNOUNCE] OpenSSL 0.9.6f released

2002-08-09 Thread Tim Rice
On Fri, 9 Aug 2002, Rich Salz wrote: The checksums were calculated using the following commands: openssl md5 openssl-0.9.6f.tar.gz openssl md5 openssl-engine-0.9.6f.tar.gz Is there another md5/hash program that's readily available? Cf: Thompson's reflections on trusting

Re: md5 for bootstrap checksum of md5 implementations? (Re: [ANNOUNCE] OpenSSL 0.9.6f released)

2002-08-09 Thread Barney Wolff
C for md5 with a driver and test results is in RFC 1321, which is available in so many public places that it's impossible to trojan. Of course you need a compiler you trust, as Ken pointed out so long ago. If I were that paranoid I'd rather trust a C compiler than Perl - at least I can inspect

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Bram Cohen
AARG!Anonymous wrote: If only there were a technology in which clients could verify and yes, even trust, each other remotely. Some way in which a digital certificate on a program could actually be verified, perhaps by some kind of remote, trusted hardware device. This way you could know

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Antonomasia
From: AARG!Anonymous [EMAIL PROTECTED] An article on Salon this morning (also being discussed on slashdot), http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html, discusses how the file-trading network Gnutella is being threatened by misbehaving clients. In response,

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Pete Chown
Anonymous wrote: ... the file-trading network Gnutella is being threatened by misbehaving clients. In response, the developers are looking at limiting the network to only authorized clients: This is the wrong solution. One of the important factors in the Internet's growth was that the IETF

TCPA/Palladium -- likely future implications (Re: dangers of TCPA/palladium)

2002-08-09 Thread Adam Back
On Thu, Aug 08, 2002 at 09:15:33PM -0700, Seth David Schoen wrote: Back in the Clipper days [...] how do we know that this tamper-resistant chip produced by Mykotronix even implements the Clipper spec correctly?. The picture is related but has some extra wrinkles with the TCPA/Palladium

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-09 Thread Bram Cohen
Antonomasia wrote: My copy of Peer to Peer (Oram, O'Reilly) is out on loan but I think Freenet and Mojo use protocols that require new users to be contributors before they become consumers. (Leaving aside that Gnutella seems doomed on scalability grounds.) Freenet and Mojo Nation have had

[no subject]

2002-08-09 Thread AARG!Anonymous
Adam Back writes a very thorough analysis of possible consequences of the amazing power of the TCPA/Palladium model. He is clearly beginning to get it as far as what this is capable of. There is far more to this technology than simple DRM applications. In fact Adam has a great idea for how

Re: TCPA/Palladium -- likely future implications

2002-08-09 Thread AARG!Anonymous
I want to follow up on Adam's message because, to be honest, I missed his point before. I thought he was bringing up the old claim that these systems would give the TCPA root on your computer. Instead, Adam is making a new point, which is a good one, but to understand it you need a true picture

Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-09 Thread R. A. Hettinga
At 1:03 AM +0200 on 8/10/02, Some anonymous, and now apparently innumerate, idiot in my killfile got himself forwarded to Mr. Leitl's cream of cypherpunks list: They will protect us from being able to extend trust across the network. As Dan Geer and Carl Ellison have reminded us on these

Re: TCPA/Palladium -- likely future implications

2002-08-09 Thread James A. Donald
-- On 9 Aug 2002 at 17:15, AARG! Anonymous wrote: to understand it you need a true picture of TCPA rather than the false one which so many cypherpunks have been promoting. As TCPA is currently vaporware, projections of what it will be, and how it will be used are judgments, and are not

Re: Challenge to TCPA/Palladium detractors

2002-08-09 Thread AARG!Anonymous
Re the debate over whether compilers reliably produce identical object (executable) files: The measurement and hashing in TCPA/Palladium will probably not be done on the file itself, but on the executable content that is loaded into memory. For Palladium it is just the part of the program