> > >How can you verify that a remote computer is the "real thing, doing > >the right thing?" > > You cannot.
Using a high-end secure coprocessor (such as the 4758, but not with a flawed application) will raise the threshold for the adversary significantly. No, there are no absolutes. But there are things you can do. > The correct security approach is to never give a remote machine > any data that you don't want an untrusted machine to have. So you never buy anything online, or use a medical facility that uses computers? -- Sean W. Smith, Ph.D. [EMAIL PROTECTED] http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key) Department of Computer Science, Dartmouth College, Hanover NH USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]