>Mike Sensney wrote:
> > I may be missing something, but I think Mark was thinking about some
> sort
> > of public/private key signature of the whole package, not the contents.
>
>Interesting, but what's the point?
??Not sure what you mean?? This is what Mark asked for in his message.
> > My thought is encrypt the package using a private key. That eliminates
> the
> > need for a signature file.
> >
> > package.lrp + private key --> encrypt --> package.crp
> > package.crp + public key --> decrypt --> package.lrp
>
>It doesn't eliminate the need for a signature file at all. The method
>you suggest does basically only two things:
>
>* verifies that the downloaded package is intact
>* verifies that the creator of the package is the expected creator
But this is all he needs.
Boot from a write protected floppy. Locate an available file server from a
server list on the floppy. Download the needed packages, decrypt using the
public key and load them. Finish the boot process. You should now be in a
known good initial state.
>My method (not at all incompatible, really!) does the following:
>
>* verifies that the FILES are intact - which could expose system
>compromises
>* "tracks" changes made to a package during operation
But it does not verify that the creator is the expected creator.
>My method also has the benefit of a small binary; a public key
>encryption system such as PGP requires a lot more space, as well as the
>input of a key. If you are booting the system, this may or may not be
>problematical; if the system is to be self-booting, then it is a BIG
>problem - the system will wait until someone comes to give the key.
Size of a public/private key decryption program might be a problem. Though
the encryption program does not have to be on a production box.
Mark stipulated that the public key will be on the floppy and the floppy
will be write protected. Therefore there should not be any need for key
input during the boot process.
>Interesting idea, anyway.... hmm...
>
>PS: I trust this is *NOT* HTML-encoded... I hope...
I'm using Eudora version 5.0.2 and I can't tell for sure if I'm using HTML.
I think/hope I have HTML on send turned off. :)
</x-flowed>
