- From: Robert Robbins <rrobbins@gdb.org>
- Date: Mon, 3 Apr 1995 07:56:58 -0400 (EDT)
- To: Multiple recipients of list <www-talk@www10.w3.org>
- Cc: Dan Connolly <connolly@w3.org>, Robert Robbins <rrobbins@gdb.org>
In a discussion about security issues associated with executing code or binaries obtained over the net, On Mon, 3 Apr 1995, Dan Connolly wrote: > The right answer is digitally signed distributions. Then only can > you be certain that the bits have not changed since they left > the author's hands. Doesn't this suggest some utility in extending the URN/URL concept to include an optional computed checksum as part of the identifier? Verifying perfect identity of what you are getting against what you thought you were requesting has some value for materials other than programs, too. The checksum could be recomputed dynamically every time the file is transferred (as checksums are now computed dynamically every time an IP packet is placed on or taken from a communication medium).
Received on Monday, 3 April 1995 08:07:06 UTC