From: JR@ns.cnb.uam.es
Date: Mon, 1 Apr 1996 06:23:17 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
Message-ID: <960331195402.204003bd@ROCK.CNB.UAM.ES>
MIME-Version: 1.0
Content-Type: text/plain


>If pieces of the source/executable are digitally signed, you have a basis
>for some degree of trust.  (My pgp came with a detached signature.  A bit
>self-referental, but at least a start.)
>
>Regards - Bill

	Agreed, but it imposes further restrictions: it's OK if you
can put PGP digitally signed by prz, but not all packages will be
available signed from their authours, especially compiled for various
platforms.

	OTOH, most unknowledgeable people will trust almost anything
(they are already doing so when downloading java applets). And it would
do a great work to spread knowledge about cryptography. Which is a
Good Thing.

	All in all, I think it is a good idea, but addressing the
general public will require quite some work, and the 'connoisseurs'
might either do as Tim (only use the net) or just make their own
mass-store, removable, thingies. Stil I'd bet many people will be
eager to get a mirror of the major sites on CD.

				jr