1998-01-19 - Re: how to release code if the programmer is a target for (fwd)

Header Data

From: Jim Choate <ravage@ssz.com>
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Message Hash: c6f9a6fb33e3c8aa104bc161615c8f7bb7a0aea19be79d8ab624bf9e08113d80
Message ID: <199801190056.SAA19276@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1998-01-19 00:26:05 UTC
Raw Date: Mon, 19 Jan 1998 08:26:05 +0800

Raw message

From: Jim Choate <ravage@ssz.com>
Date: Mon, 19 Jan 1998 08:26:05 +0800
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: how to release code if the programmer is a target for (fwd)
Message-ID: <199801190056.SAA19276@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:

> Date: Sun, 18 Jan 1998 15:15:22 -0600 (CST)
> From: "Uhh...this is Joe [Randall Farmer]" <rfarmer@HiWAAY.net>
> Subject: Re: how to release code if the programmer is a target for (fwd)

> > Where does this random user come from? 
> 
> Why does it matter? As long as she's competent enough to choose good verifiers
> and verify that those verifiers verified the code in question, it all works out
> in the end. 

Because whether she is an honest user or one who is intent on subverting the
system is relevant and must be taken into account.

> We don't. There is no way to operate without *some* trust;

I disagree. I believe it is possible to create a system which is secure and
provably so, irrespective of something as nebulous as 'trust'.

> Might be, but this code has to be more than just understood -- it must be
> painstakingly checked for subtle flaws and bugs. Welcome to the world of
> adversarial quality control.

Been there; it's part of what I do for a living, it's fun.

> > Which doesn't affect the ability of Mallet to re-sign that code at the user's
> > end in order to break the user's local security.
> 
> Unless you're exposing a new weakness in the trust model PGP uses, Mallet can't
> do that, providing the user has done good key authentication and hasn't listed
> one of Mallet's goons as a trusted code-verifier.

This is true if Mallet is attacking the key system, it is not strictly true
if Mallet is attacking a specific user.

> Yup, that's why the user has to check it by hand.

Then the Eternity model is doomed to fail. 90%+ of users who might want to
use a data haven model don't have a clue as to how it works or how to
actually check it.

> Well, if you can't verify it yourself and you can't trust other people to
> verify it, my advice is to give up; you cannot be sure of *any* public keys 

I disagree, though I am not able to prove it at this time.

> keys; any sig you check might be signed by one of Mallet's keys.

My point exactly.

As with Adam, it feels like we are beginning to go around and around with
nothing new to add. I would suggest that we drop the issue for the moment
and come back to it at a later time with a little more reflection.


    ____________________________________________________________________
   |                                                                    |
   |       The most powerful passion in life is not love or hate,       |
   |       but the desire to edit somebody else's words.                |
   |                                                                    |
   |                                  Sign in Ed Barsis' office         |
   |                                                                    | 
   |            _____                             The Armadillo Group   |
   |         ,::////;::-.                           Austin, Tx. USA     |
   |        /:'///// ``::>/|/                     http://www.ssz.com/   |
   |      .',  ||||    `/( e\                                           |
   |  -====~~mm-'`-```-mm --'-                         Jim Choate       |
   |                                                 ravage@ssz.com     |
   |                                                  512-451-7087      |
   |____________________________________________________________________|





