Anon wrote:
You could even have each participant compile the program himself,
but still each app can recognize the others on the network and
cooperate with them.
Matt Crawford replied:
Unless the application author can predict the exact output of the
compilers, he can't issue a signature on
R. Hirschfeld writes:
From: Peter N. Biddle [EMAIL PROTECTED]
Date: Mon, 5 Aug 2002 16:35:46 -0700
You can know this to be true because the
TOR will be made available for review and thus you can read the source and
decide for yourself if it behaves this way.
This may be a silly
[I've got some doubts about the content here but I think the
discussion is certainly on charter --Perry]
Since I have received a number of private replies all saying approximately
the same thing; lookup for small n, use algo for large. Allow me to extend
my observation.
To quote myself from
Anonymous wrote:
Matt Crawford replied:
Unless the application author can predict the exact output of the
compilers, he can't issue a signature on the object code. The
compilers then have to be inside the trusted base, checking a
signature on the source code and reflecting it somehow
The checksums were calculated using the following commands:
openssl md5 openssl-0.9.6f.tar.gz
openssl md5 openssl-engine-0.9.6f.tar.gz
Is there another md5/hash program that's readily available?
Cf: Thompson's reflections on trusting trust.
On Fri, 9 Aug 2002, Rich Salz wrote:
The checksums were calculated using the following commands:
openssl md5 openssl-0.9.6f.tar.gz
openssl md5 openssl-engine-0.9.6f.tar.gz
Is there another md5/hash program that's readily available?
Cf: Thompson's reflections on trusting
OpenSSL version 0.9.6g released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of version
0.9.6g of our open source toolkit for SSL/TLS. This new OpenSSL version
is
On Fri, 9 Aug 2002, Rich Salz wrote:
The checksums were calculated using the following commands:
openssl md5 openssl-0.9.6f.tar.gz
openssl md5 openssl-engine-0.9.6f.tar.gz
Is there another md5/hash program that's readily available?
Cf: Thompson's reflections on trusting
C for md5 with a driver and test results is in RFC 1321, which is
available in so many public places that it's impossible to trojan.
Of course you need a compiler you trust, as Ken pointed out so long ago.
If I were that paranoid I'd rather trust a C compiler than Perl -
at least I can inspect
AARG!Anonymous wrote:
If only there were a technology in which clients could verify and yes,
even trust, each other remotely. Some way in which a digital certificate
on a program could actually be verified, perhaps by some kind of remote,
trusted hardware device. This way you could know
From: AARG!Anonymous [EMAIL PROTECTED]
An article on Salon this morning (also being discussed on slashdot),
http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html,
discusses how the file-trading network Gnutella is being threatened by
misbehaving clients. In response,
Anonymous wrote:
... the file-trading network Gnutella is being threatened by
misbehaving clients. In response, the developers are looking at limiting
the network to only authorized clients:
This is the wrong solution. One of the important factors in the
Internet's growth was that the IETF
Adam Back writes a very thorough analysis of possible consequences of the
amazing power of the TCPA/Palladium model. He is clearly beginning to
get it as far as what this is capable of. There is far more to this
technology than simple DRM applications. In fact Adam has a great idea
for how
I want to follow up on Adam's message because, to be honest, I missed
his point before. I thought he was bringing up the old claim that these
systems would give the TCPA root on your computer.
Instead, Adam is making a new point, which is a good one, but to
understand it you need a true picture
At 1:03 AM +0200 on 8/10/02, Some anonymous, and now apparently
innumerate, idiot in my killfile got himself forwarded to Mr. Leitl's
cream of cypherpunks list:
They will protect us from being able
to extend trust across the network.
As Dan Geer and Carl Ellison have reminded us on these
--
On 9 Aug 2002 at 17:15, AARG! Anonymous wrote:
to understand it you need a true picture of TCPA rather than the
false one which so many cypherpunks have been promoting.
As TCPA is currently vaporware, projections of what it will be,
and how it will be used are judgments, and are not
Re the debate over whether compilers reliably produce identical object
(executable) files:
The measurement and hashing in TCPA/Palladium will probably not be done
on the file itself, but on the executable content that is loaded into
memory. For Palladium it is just the part of the program
17 matches
Mail list logo