On Thu, 9 Sep 1999, Adam Back wrote:
>
> This general area of discussion -- software modification
> authentication -- is a bit fuzzy: if you can modify the software you
> can patch out the check of the signature (a correctly placed NOP is
> known to do it).

One of the things SET had right was including the fingerprint of the next (replacement or fallback) key in the cert. It would seem to be a simple matter to implement the way they did with the SET spec. The next key, of course, has to be stored securely.
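
Added example, not part of the original message and not code from the SET specification: a sketch of the next-key fingerprint idea mentioned above, where a replacement key is accepted only if the currently trusted record already committed to its fingerprint. The `KeyRecord` layout, the function names and the use of SHA-256 are assumptions, and signature verification of each record is assumed to happen elsewhere.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 of the encoded public key (hash choice is an assumption)."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass(frozen=True)
class KeyRecord:
    # Hypothetical stand-in for a certificate: the key it certifies plus the
    # fingerprint of the key allowed to replace it (None = no successor).
    public_key: bytes
    next_fingerprint: Optional[str]


def accept_successor(trusted: KeyRecord, candidate: KeyRecord) -> bool:
    """Accept candidate only if the trusted record committed to its key."""
    if trusted.next_fingerprint is None:
        return False  # nothing was pre-committed, so no rollover is possible
    return hmac.compare_digest(trusted.next_fingerprint,
                               fingerprint(candidate.public_key))


def roll_forward(anchor: KeyRecord, offered: list) -> KeyRecord:
    """Walk offered records in order; stop at the first one not pinned."""
    current = anchor
    for record in offered:
        if not accept_successor(current, record):
            break  # unpinned key: keep trusting the last good record
        current = record
    return current


# Constructed sample keys (placeholder bytes, not real key material).
K1, K2, K3, ROGUE = b"key-1", b"key-2", b"key-3", b"rogue-key"
REC3 = KeyRecord(K3, None)
REC2 = KeyRecord(K2, fingerprint(K3))
REC1 = KeyRecord(K1, fingerprint(K2))
ROGUE_REC = KeyRecord(ROGUE, fingerprint(ROGUE))
```

The scheme only holds if the private half of the pre-committed key stays out of reach until it is needed, which is the storage requirement the message closes on.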