- From: Jonathon Tidswell <t-jont@microsoft.com>
- Date: Mon Apr 3 22:07:48 1995
- To: rrobbins@gdb.org, www-talk@www10.w3.org
Robert Robbins <rrobbins@gdb.org> wrote: | In a discussion about security issues associated with executing code or | binaries obtained over the net, | On Mon, 3 Apr 1995, Dan Connolly wrote: | | > The right answer is digitally signed distributions. Then only can | > you be certain that the bits have not changed since they left | > the author's hands. | | Doesn't this suggest some utility in extending the URN/URL concept to | include an optional computed checksum as part of the identifier? Verifying | perfect identity of what you are getting against what you thought you were | requesting has some value for materials other than programs, too. | | The checksum could be recomputed dynamically every time the file is | transferred (as checksums are now computed dynamically every time an IP | packet is placed on or taken from a communication medium). My initial reaction is it makes more sense for a new document type: signed-html. The viewers for signed-html then worry about authentuicating the signature and displaying proper messages etc. I dont think a checksum is part of either a name (URN) or a location (URL). - Jon PS Any citations, references or pointers to integrating security in programming languages appreciated. :-) Disclaimer: I am a postgraduate student on a scholarship not an employee of Microsoft ... I think my thoughts are my own and I believe my writings are too.
Received on Monday, 3 April 1995 22:07:48 UTC