W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

RE: trusted sources

From: Jonathon Tidswell <t-jont@microsoft.com>
Date: Mon Apr 3 22:07:48 1995
Message-Id: <9504040107.AA27238@netmail.microsoft.com>
To: rrobbins@gdb.org, www-talk@www10.w3.org

 Robert Robbins  <rrobbins@gdb.org> wrote:

| In a discussion about security issues associated with executing code or
| binaries obtained over the net,

| On Mon, 3 Apr 1995, Dan Connolly wrote:
|
| > The right answer is digitally signed distributions. Then only can
| > you be certain that the bits have not changed since they left
| > the author's hands.
|
| Doesn't this suggest some utility in extending the URN/URL concept to
| include an optional computed checksum as part of the identifier? Verifying
| perfect identity of what you are getting against what you thought you were
| requesting has some value for materials other than programs, too.
|
| The checksum could be recomputed dynamically every time the file is
| transferred (as checksums are now computed dynamically every time an IP
| packet is placed on or taken from a communication medium).

My initial reaction is it makes more sense for a new document type: 
signed-html.
The viewers for signed-html then worry about authentuicating the signature and
displaying proper messages etc.
I dont think a checksum is part of either a name (URN) or a location (URL).

- Jon

PS Any citations, references or pointers to integrating security in 
programming languages appreciated. :-)

Disclaimer:
I am a postgraduate student on a scholarship not an employee of Microsoft ...
I think my thoughts are my own and I believe my writings are too.
Received on Monday, 3 April 1995 22:07:48 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC