From: patrick@Verity.COM (Patrick Horgan)
To: jsw@neon.netscape.com
Message Hash: 395784dd7ca3d03975076b84a0dae65d23c49980c68b7e1d9785d10d31c73174
Message ID: <9510031656.AA00760@cantina.verity.com>
Reply To: N/A
UTC Datetime: 1995-10-03 17:00:06 UTC
Raw Date: Tue, 3 Oct 95 10:00:06 PDT
From: patrick@Verity.COM (Patrick Horgan)
Date: Tue, 3 Oct 95 10:00:06 PDT
To: jsw@neon.netscape.com
Subject: Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape's dependence upon RSA down for the count!)
Message-ID: <9510031656.AA00760@cantina.verity.com>
MIME-Version: 1.0
Content-Type: text/plain
>
> I've been thinking about this recently for obvious reasons. My concern
> is that if someone can attack your download of netscape, they could also
> attack your download of the program that validates netscape. Is there
> really any way out of this one?
>
> --Jeff
I remember sometime in the last couple of years seeing a cert advisory that
said that people's checksumming programs were being replaced by ones that
did the normal checksumming except on compromised programs. This was part
of one particular attack as I remember.
Patrick
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick@verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/
Return to October 1995
Return to “patrick@Verity.COM (Patrick Horgan)”
1995-10-03 (Tue, 3 Oct 95 10:00:06 PDT) - Re: Netscape finally issuing md5sums/pgp signed binaries ? (was Re: NetScape’s dependence upon RSA down for the count!) - patrick@Verity.COM (Patrick Horgan)