[18273] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Steve Furlong)
Thu Aug 25 16:57:43 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 25 Aug 2005 16:31:01 -0400
From: Steve Furlong <demonfighter@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776F1E@rsana-ex-hq1.NA.RSA.NET>
On 8/25/05, Trei, Peter <ptrei@rsasecurity.com> wrote:
> Self-signed certs are only useful for showing that a given
> set of messages are from the same source - they don't provide
> any trustworthy information as to the binding of that source
> to anything.
Which is just fine. Pseudonymity is good.
If, hypothetically, I were interested in writing and distributing
cypto source code which skated right at the edge of current US export
regs, I might want to let users verify that the updates came from the
same source as the original, without giving them or any gov't
busybodies the ability to trace the code back to me.
--=20
There are no bad teachers, only defective children.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
