[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Validity periods can be handled more explicitly



-----BEGIN PGP SIGNED MESSAGE-----

At 03:19 PM 11/5/97 -0700, Bob Jueneman wrote:
>I didn't develop an appreciation for MASH until too late, and must have
>missed that episode.  What happened?

I've answered this already.  It's not just one episode.

>Although I believe (and have stated on the DIGSIG list) that the likelyhood
>that someone's software (at least on his own machine) would be successfully
>hacked so that it would display a document other than what was signed
>without detection (a self-healing virus, in other words) to be negligible
>compared to other threats, it is of course a theoretic possibility that
>ought to be addressed.  Word macro viruses, PostScript viruses, and of
>course ActiveX/Java viruses all come to mind as severe opportunities for
>someone to solve if there is an adequate market.

Comparison of likelihood of threats is yet another place for reasonable 
people to disagree.  However, I find it odd that folks would pay attention 
to whether MD5 can yield collisions under certain laboratory conditions and 
therefore abandon it, but won't pay attention to software attacks or, even 
sillier, to human mistakes (e.g., using a global name as if they knew what 
it meant).  Of course, it's an old phenomenon:  people will pay attention to 
what they understand and/or can control and slough off anything out of their 
control.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNG/TvBN3Wx8QwqUtAQFyyQQAhvR/p/d58094MgYeWHmMbDPDw9a4g43E
xYYIuUJ6uv4bJlCRmcifV6OyaW1Ch0LRjLEPAPYqBMly0BJ6kfAv/DnTBrs8HsUu
oWXR/uTD9iqZcFydV9G1zsnp6uMmFbLCRL0ul8oYfY9TQHaLgk15hRxjx3vJEqkf
A4l1lPiCHwI=
=Bok1
-----END PGP SIGNATURE-----

References: