-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Friday 2007-04-06 at 11:59 -0700, Randall R Schulz wrote:
> That's what cryptographic identity certificates are for. One would hope
> that if BitTorrent is going to be widely used to distribute critical
> resources such as software it would be endowed with the ability to
> propagate and verify these signatures.
>
> Or does BitTorrent already incorporate certificate validation?
Tell me, when I download opensuse, using http, for instance, do I get such
cryptographic certificates? I believe not. Not even if download from the
novell site.
However, you can publish the torrent initial link in a secure webserver
(https), which means that you get the download site links and checksums
from a certified source. The ensuing torrent download is thus certified.
To duplicate that feat with http you require all mirror servers to use
https. And FTP? No way.
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFGFp6gtTMYHG2NR9URAqT6AJ9Y0W/lIDT3nFkEX7JNwIT1ngkisQCffjIx
EfSqj+TgVkIYaxsy4u250qU=
=wEte
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
