Re: [vox] MD5 Checksums and Public Downloading
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox] MD5 Checksums and Public Downloading
Quoting Micah Cowan (micah@cowan.name):
> No, I don't. I mean a PGP signature, as described by the RFC 1991.
> Actually, though, if I'd wanted to be *really* accurate, I'd have said
> "OpenPGP" signature (RFC 2440, which is more up-to-date and open). I'm
> referring to an open message format. I specifically avoided "GnuPG"
> because that would restrict me to only one implementation.
Wow, that's an impressively fancy way of ignoring my point. Hand the
man a cigar.
> (not to mention that there are still people who use the "dead" Network
> Associates product).
I believe you mean dead _proprietary_ NetAss product. ;->
> Please justify this statement.
Please offer to pay me for my time.
>> 3. For those GnuPG signatures to be useful for authentication requires
>> a raft of other things, including reliable distribution of public keys
>> and/or an extensive web of trust.
>
> Not necessarily. Without those things, it is true that verifying a
> signature provides no guarantee that it has not been tampered with (you
> can't be certain you hold the right key); however, it makes it much
> easier to know for *certain* that it *has* been tampered with.
Was there a specific part of the phrase "useful for authentication" that
you had a problem with?
I think we're done.
--
Cheers, "Learning Java has been a slow and tortuous process for me. Every
Rick Moen few minutes, I start screaming 'No, you fools!' and have to go
rick@linuxmafia.com read something from _Structure and Interpretation of
Computer Programs_ to de-stress." -- The Cube, www.forum3000.org
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox
|
