From: Rich Graves <llurch@networking.stanford.edu>
To: cypherpunks@toad.com
Message Hash: 201bf349c93ee4a313dac8235180376be26c1da2b852c64599a0b84f2d32e4f3
Message ID: <Pine.GUL.3.93.960425164813.27532L-100000@Networking.Stanford.EDU>
Reply To: <Pine.SOL.3.91.960425162433.22627B-100000@chivalry>
UTC Datetime: 1996-04-26 00:00:40 UTC
Raw Date: Thu, 25 Apr 1996 17:00:40 -0700 (PDT)
From: Rich Graves <llurch@networking.stanford.edu>
Date: Thu, 25 Apr 1996 17:00:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.SOL.3.91.960425162433.22627B-100000@chivalry>
Message-ID: <Pine.GUL.3.93.960425164813.27532L-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 25 Apr 1996, Simon Spero wrote:
> On Thu, 25 Apr 1996, Bill Frantz wrote:
>
> > At 10:47 PM 4/24/96 -0700, Rich Graves wrote:
> > >code safely. I'm sorry, I'm just not interested in running untrusted
> > >code. Give me digitally signed code that I can trust, or for which
> > >the author can at least be held accountable, and I'll be happy.
> >
> > I, for one, am interested in running untrusted code. If I can run
> > untrusted code, I can greatly reduce my exposure to Trojan horses and bugs.
> > It bothers me that if I run Microsoft Word, it can trash my MacWrite
>
> Both policies make sense in different circumstances; however,
> refusing to run unsigned code, even though it reeks of FUCKING STATISM is
It doesn't have to, reek I mean. By "held accountable" I mean by me, the
user, not the coercive power of the FUCKING STATE.
For me, the digital signatures would not be the imprimatur of "good, safe
code." The digital signature would mean, "Rich Graves <rich@c2.org>
accepts blame for this code." Or "This code is an official (or whatever
the unofficial official unofficial word would be) part of the GNU
project." Or "The Black Unicorn nym says 'Two Thumbs Up.'" Or "This is an
accurate copy of the code discussed on comp.windows.emulators.wine."
In my fantasy world, signatures would be verified by the web of trust, not
the FUCKING STATE or FUCKING MICROSOFT.
I guess "trusted" isn't the right word, thanks. I don't "trust" anything
that comes from Microsoft to be bug-free. I do expect it to be free from
exogenous viruses and trojans, though, so that the bugs would be
reproducible, and have a chance of being fixed.
In my fantasy world, I'm not asking you to verify signatures every time
you run something. Maybe you can tune how often you want stuff checked, so
you have a tradeoff between security and performance.
Sort of like COPS or Tripwire, but transparent to the user.
-rich
Return to April 1996
Return to “Simon Spero <ses@tipper.oit.unc.edu>”