gnu-arch-users

Re: [Gnu-arch-users] Re: signatures and checking


From: Tom Lord
Subject: Re: [Gnu-arch-users] Re: signatures and checking
Date: Mon, 26 Jan 2004 19:24:22 -0800 (PST)

    > From: Andrew Suffield <address@hidden>

    > Clients that are not checking signatures are only interested in
    > checksums for integrity checking against random bit errors; they
    > have no defences at all against hostile attackers. So exploits
    > of this form are not very interesting - there are much easier
    > ways to exploit these clients.

What I would like to support (that contradicts that) can be summarized
as:

If my archive is bitwise-identical to yours, and you have checked
signatures, and I trust that you've checked signatures, then I don't
need to check signatures.

That means that what you (the signature checker) see for checksum data
and what I (the non-signature checker) see for that data must be the
same.

-t




