l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 May 17 09:13

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] MD5 Checksums and Public Downloading
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] MD5 Checksums and Public Downloading

Quoting Micah Cowan (micah@cowan.name):

> No, I don't.  I mean a PGP signature, as described by the RFC 1991. 
> Actually, though, if I'd wanted to be *really* accurate, I'd have said
> "OpenPGP" signature (RFC 2440, which is more up-to-date and open).  I'm
> referring to an open message format. I specifically avoided "GnuPG"
> because that would restrict me to only one implementation.  

Wow, that's an impressively fancy way of ignoring my point.  Hand the
man a cigar.

> (not to mention that there are still people who use the "dead" Network
> Associates product).

I believe you mean dead _proprietary_ NetAss product.  ;->

> Please justify this statement.

Please offer to pay me for my time.

>> 3.  For those GnuPG signatures to be useful for authentication requires
>> a raft of other things, including reliable distribution of public keys
>> and/or an extensive web of trust.
> Not necessarily.  Without those things, it is true that verifying a
> signature provides no guarantee that it has not been tampered with (you
> can't be certain you hold the right key); however, it makes it much
> easier to know for *certain* that it *has* been tampered with.

Was there a specific part of the phrase "useful for authentication" that
you had a problem with?

I think we're done.

Cheers,     "Learning Java has been a slow and tortuous process for me.  Every 
Rick Moen   few minutes, I start screaming 'No, you fools!' and have to go
rick@linuxmafia.com       read something from _Structure and Interpretation of
            Computer Programs_ to de-stress."   -- The Cube, www.forum3000.org
vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.