Re: Crypto software that is exportable from the USA

To: debian-devel@lists.debian.org
Subject: Re: Crypto software that *is* exportable from the USA
From: Raul Miller <rdm@test.legislate.com>
Date: Sat, 23 Jan 1999 12:34:04 -0500
Message-id: <[🔎] 19990123123404.F30279@hazel>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 199901231724.KAA29859@eris.coyotesong.com>; from Bear Giles on Sat, Jan 23, 1999 at 10:24:27AM -0700
References: <[🔎] Pine.LNX.4.04.9901231636230.5289-100000@cericon.obsidian.co.za> <[🔎] 199901231724.KAA29859@eris.coyotesong.com>

Bear Giles <bear@coyotesong.com> wrote:
> The only thing resilient to compromised servers are cryptographically 
> signed cryptographic checksums.  Which requires PGP.  Which is not 
> exportable.  And which requires a "chain of trust" to evaluate
> whether to trust the key used to sign the checksum.

Actually...

for the case of a pre-planned upgrade, a simple md5sum check -- that
the downloaded file has a md5sum which matches an archive which has
already been examined and "seems clean" -- would be sufficient (at
least in terms of mechanical integrity).

-- 
Raul

Reply to:

Follow-Ups:
- Re: Crypto software that *is* exportable from the USA
  - From: Bear Giles <bear@coyotesong.com>

References:
- Crypto software that *is* exportable from the USA
  - From: Paul Sheer <psheer@obsidian.co.za>
- Re: Crypto software that *is* exportable from the USA
  - From: Bear Giles <bear@coyotesong.com>

Prev by Date: Re: Crypto software that *is* exportable from the USA
Next by Date: Re: Reality check! [was: Re: Debian goes big business?]
Previous by thread: Re: Crypto software that *is* exportable from the USA
Next by thread: Re: Crypto software that *is* exportable from the USA
Index(es):
- Date
- Thread

Re: Crypto software that *is* exportable from the USA

Re: Crypto software that is exportable from the USA