From: pcw@access.digex.net (Peter Wayner)
Date: Tue, 24 Oct 95 11:21:08 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: Does your software?
Message-ID: <acb2e00c09021004a7ac@[199.125.128.5]>
MIME-Version: 1.0
Content-Type: text/plain



>My get-only server is available in source form, is 80 lines long and
>thus easily understood, has been shown to meet security properties, is
>now in the process of being mathematically proven to meet those
>properties, and is published in a refereed journal which can be used to
>confirm its contents in detail.  Hence, I do provide secure distribution
>through purely physical means.
>
Uh, proofs only go so far. There was one Cornell CS professor who was a
real devotee of "proving" your programs correct. He even published one of
his proofs in a "refereed" journal. Big whoop. It still had an error.

Proofs can help identify flaws, but they can never rule out all flaws.
That's why their name is so bogus. I wouldn't be surprised if you could
prove that the Finger daemon, which is sort of like a really low-level
GET-ONLY HTTP server, is also safe. In fact, your math proving ability
could probably even prove the pre-Robert Morris finger daemon is safe and
secure. If programmers don't think of preventing finger requests longer
that 512 bytes then why should the head-in-the-clouds program provers?

- Peter


>--
>-> See: Info-Sec Heaven at URL http://all.net
>Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

P.S. "FC" is your log in and "FC is found inscribed in the writings of the
Unabomber. Coincidence?