From: "Mark M." <markm@voicenet.com>
Date: Sun, 31 Mar 1996 20:02:09 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto CD UpDate
In-Reply-To: <199603301639.IAA16075@netcom9.netcom.com>
Message-ID: <Pine.LNX.3.92.960330214919.1625A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 30 Mar 1996, Bill Frantz wrote:

> At  8:36 PM 3/28/96 +0100, JR@ns.cnb.uam.es wrote:
> >        I may -or not- trust the people at unimi, but would I also trust
> >a lot of intermediate people putting up together a CD-ROM? For that sake,
> >and considering the costs of storage and removable storage media, I'd
> >bet many people would find more useful to download their copies from
> >the net (even once a year only) as I did.
>
> If pieces of the source/executable are digitally signed, you have a basis
> for some degree of trust.  (My pgp came with a detached signature.  A bit
> self-referental, but at least a start.)

It depends where the person who signed the program is in the web of trust.
I rarely find that the cooresponding public key for a digital signature is
signed by someone that I trust and that I know that that public key belongs
to whom it says it belongs.  Without trust, a digital signature is completely
worthless.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMV3zobZc+sv5siulAQHHgAQAqBcay46jx0/ez+Cz1vsjZjpWacurf3II
Oj3u29DrmuTTMk3su51Dc8oQfqF39xS6k1b5EZY/0wqC8fGumItasmwVYZFcILGl
dVO/DyAbuvmud4CamwGtTvmDDL+7Y8mojnLFHyGL7ht1JUasz0oM6EaxJyRIksjx
tSwsRj54D8w=
=MxYS
-----END PGP SIGNATURE-----