From: Rick Busdiecker <rfb@lehman.com>
To: Jeff Weinstein <jsw@netscape.com>
Message Hash: 2f2c238a87bcdf881f340a1dc6e01c1be7a048013afc7eb59919896f82d87a85
Message ID: <9510040026.AA18012@cfdevx1.lehman.com>
Reply To: <9510031403.ZM151@tofuhut>
UTC Datetime: 1995-10-04 00:29:31 UTC
Raw Date: Tue, 3 Oct 95 17:29:31 PDT
From: Rick Busdiecker <rfb@lehman.com>
Date: Tue, 3 Oct 95 17:29:31 PDT
To: Jeff Weinstein <jsw@netscape.com>
Subject: Strong authentication for Netscape distributions
In-Reply-To: <9510031403.ZM151@tofuhut>
Message-ID: <9510040026.AA18012@cfdevx1.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
From: Jeff Weinstein <jsw@netscape.com>
Date: Tue, 3 Oct 1995 14:03:28 -0700
Subject: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
. . .
Yes, I get the idea about spewing the signed hashes everywhere. The
problem I have is with the user of PGP. That will help cypherpunks,
but does absolutely nothing for most of our millions of users, who
have no idea what PGP is. Perhaps its enough to assume that if anyone
is tampering with the distribution, some cypherpunk will stumble across
it...
I suspect that most of these millions don't know about md5 or much of
anything in the way of strong authentication. However, if you provide
any sure-fire mechanism by which someone could detect that the
distribution has been tampered with, it would be an improvement over
not having any. If someone does happen to notice tampering and send
mail to cypherpunks about it, I'd guess that there's a good chance it
would be reported in major publications shortly thereafter.
You might want to indirect through BETSI . . . .
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMHHUeZNR+/jb2ZlNAQHVCQP8CBb5c/0nX41awTf/kt+gGODu4qLcJVI8
rc604+rdr0YUFPVTStwXdUCg7gKgUTOC8werBPK5Dgyse/8u1jczU4Czub9Cd693
EfUW7o2oHN5/3x9E0Yn1rJD+ffwuGC+lf1EMBJMHsTwJzbPmy0FJPfyfyDlvWrDD
OQDsJ5DbOHU=
=s/t0
-----END PGP SIGNATURE-----
--
Rick Busdiecker Please do not send electronic junk mail!
net: rfb@lehman.com or rfb@cmu.edu PGP Public Key: 0xDBD9994D
www: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/rfb/http/home.html
send mail, subject "send index" for mailbot info, "send pgp key" gets my key
A `hacker' is one who writes code. Breaking into systems is `cracking'.
Return to October 1995
Return to “sameer <sameer@c2.org>”