W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

trusted sources

From: Robert Robbins <rrobbins@gdb.org>
Date: Mon, 3 Apr 1995 07:56:58 -0400 (EDT)
To: Multiple recipients of list <www-talk@www10.w3.org>
Cc: Dan Connolly <connolly@w3.org>, Robert Robbins <rrobbins@gdb.org>
Message-Id: <Pine.3.07.9504030757.B1428-a100000@dev.gdb.org>

In a discussion about security issues associated with executing code or
binaries obtained over the net,

On Mon, 3 Apr 1995, Dan Connolly wrote:

> The right answer is digitally signed distributions. Then only can
> you be certain that the bits have not changed since they left
> the author's hands.

Doesn't this suggest some utility in extending the URN/URL concept to
include an optional computed checksum as part of the identifier? Verifying
perfect identity of what you are getting against what you thought you were
requesting has some value for materials other than programs, too.  

The checksum could be recomputed dynamically every time the file is
transferred (as checksums are now computed dynamically every time an IP
packet is placed on or taken from a communication medium). 
Received on Monday, 3 April 1995 08:07:06 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC