1995-10-03 - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!)

Header Data

From: jsw@neon.netscape.com (Jeff Weinstein)
To: cypherpunks@toad.com
Message Hash: bd1b5f651cb8135174fcb2e5413541edf0bd65420029643392f3af314853ca0e
Message ID: <44qlhk$igc@tera.mcom.com>
Reply To: <9510030147.AA15570@dmsd.com>
UTC Datetime: 1995-10-03 06:34:59 UTC
Raw Date: Mon, 2 Oct 95 23:34:59 PDT

Raw message

From: jsw@neon.netscape.com (Jeff Weinstein)
Date: Mon, 2 Oct 95 23:34:59 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
In-Reply-To: <9510030147.AA15570@dmsd.com>
Message-ID: <44qlhk$igc@tera.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <9510030248.AA08909@hplyot.obspm.fr>, dl@hplyot.obspm.fr (Laurent Demailly) writes:
> 
> On the topic of risks for a "major browser" to be tempered/targetted
> as a virus :
>
> I asked monthes ago netscape folks to make md5sum and/or PGP digital
> signatures (preferably md5sum of each files, this in a file, itself
> pgp signed) of the binaries available on their page and on relevant 
> newsgroup to reduce possibility of tempering.
> 
> [ok it won't help mythical joe six pack's but...]
> 
> Maybe I'll got more luck calling from here :-)

  I've been thinking about this recently for obvious reasons.  My concern
is that if someone can attack your download of netscape, they could also
attack your download of the program that validates netscape.  Is there
really any way out of this one?

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

Thread

• Return to October 1995

• Return to “Derek Atkins <warlord@MIT.EDU>”
• Return to “jbass@dmsd.com (John L. Bass)”
• Return to ““Jeff Weinstein” <jsw@netscape.com>”
• Return to “Jiri Baum <jirib@sweeney.cs.monash.edu.au>”
• Return to “jsw@neon.netscape.com (Jeff Weinstein)”
• Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
• Return to “Rick Busdiecker <rfb@lehman.com>”

• Return to “sameer <sameer@c2.org>”

• 1995-10-03 (Mon, 2 Oct 95 18:48:00 PDT) - Re: NetScape’s dependence upon RSA down for the count! - jbass@dmsd.com (John L. Bass)
  • 1995-10-03 (Mon, 2 Oct 95 19:48:34 PDT) - Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - Laurent Demailly <dl@hplyot.obspm.fr>
  • 1995-10-03 (Mon, 2 Oct 95 23:34:59 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - jsw@neon.netscape.com (Jeff Weinstein)
  • 1995-10-03 (Tue, 3 Oct 95 10:20:40 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - Laurent Demailly <dl@hplyot.obspm.fr>
  • 1995-10-03 (Tue, 3 Oct 95 14:07:15 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - “Jeff Weinstein” <jsw@netscape.com>
    • 1995-10-04 (Tue, 3 Oct 95 17:29:31 PDT) - Strong authentication for Netscape distributions - Rick Busdiecker <rfb@lehman.com>
    • 1995-10-04 (Tue, 3 Oct 95 18:23:46 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - Derek Atkins <warlord@MIT.EDU>
    • 1995-10-04 (Tue, 3 Oct 95 19:20:58 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - Jiri Baum <jirib@sweeney.cs.monash.edu.au>
      • 1995-10-04 (Tue, 3 Oct 95 20:06:30 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - sameer <sameer@c2.org>