[153] in WWW Security List Archive
Re: what are realistic threats?
daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Thu Sep 29 13:22:38 1994
From: hallam@dxal18.cern.ch
To: tmplee@MR.Net (Theodore M.P. Lee), www-security@ns1.rutgers.edu
Cc: hallam@dxal18.cern.ch
In-Reply-To: Your message of "Wed, 28 Sep 94 15:34:12 CST."
<199409282032.PAA03101@riverside.mr.net>
Date: Thu, 29 Sep 94 11:07:46 +0100
Reply-To: hallam@dxal18.cern.ch
>OK. What about trojan horses in
>a) ncsa mosaic?
>b) ghostview?
>c) any or all of X?
>d) an http server?
>e) emacs/wordperfect/ms word?
>f) etc etc
This is why I think we need a standalone certificate scheme. The program may
reside on any server but has a certificate signed by the producer. Although
single rooted authentication hierarchies have problems most people would trust
the signature if signed by USGovt, MIT, W3O, AMEX and Peter Wright.
Phill.
