On 01/25/2003 4:26 AM, Leopold Toetsch wrote:
> Nicholas Clark wrote:
> > Also some way of storing a cryptographic signature in the file, so that you
> > could compile a parrot that automatically refuses to load code that isn't
> > signed by you.
> The palladium parrot :)

Just because it's possible to use a technology for evil doesn't mean you shouldn't create it. I think it would be quite useful to define a standard for signed PBC. It doesn't need to be complex; just define a new packfile section, SIGNATURE, that is defined to be a cryptographic signature of all sections previous to it in the file. (We'd have to exclude certain parts of the header, or otherwise work around chicken-and-egg problems with the signed header changing in the act of attaching the signature, but those are long-since-solved problems.)

In particular, it would be nice to be able to trust code written by myself and people I personally trust, run CPAN code in checked mode, run code submitted by users without access to create IO PMCs, and not run Microsoft code at all.

A code signing standard would enable that. It's defining a trust model that doesn't let the user know what's actually going on that we have to be wary of. (Even authenticating the host is potentially useful... though I can't think of a good use.)

-=- James Mastros
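
The SIGNATURE-section idea proposed in the message above, as an added example (not part of the original post and not Parrot code): a constructed toy container, not the real PBC layout, whose last section authenticates everything before it, with the header's length and count fields zeroed in the signed view. HMAC-SHA256 from the standard library stands in for a public-key signature, with which the loader would hold only a verification key; `TOYP`, `sign` and `load` are hypothetical names.

```python
import hashlib
import hmac
import struct

# Constructed toy layout for illustration, NOT Parrot's real packfile format.
MAGIC = b"TOYP"
HDR = struct.Struct("<4sII")   # magic, total file length, section count
SEC = struct.Struct("<4sI")    # section tag, payload length
SIG_TAG, SIG_LEN = b"SIG ", hashlib.sha256().digest_size

def _signed_view(body):
    # Length and count change when the signature is attached, so the signed
    # view zeroes them (the header chicken-and-egg workaround).
    return HDR.pack(MAGIC, 0, 0) + body

def sign(sections, key):
    """Serialize sections and append a SIGNATURE section covering them."""
    body = b"".join(SEC.pack(t, len(p)) + p for t, p in sections)
    # HMAC is a stand-in here for a public-key signature.
    mac = hmac.new(key, _signed_view(body), hashlib.sha256).digest()
    total = HDR.size + len(body) + SEC.size + SIG_LEN
    header = HDR.pack(MAGIC, total, len(sections) + 1)
    return header + body + SEC.pack(SIG_TAG, SIG_LEN) + mac

def load(blob, key):
    """Return [(tag, payload)] only if the trailing SIGNATURE verifies."""
    sig_at = len(blob) - SEC.size - SIG_LEN
    if sig_at < HDR.size:
        raise ValueError("truncated file")
    magic, total, count = HDR.unpack_from(blob)
    if magic != MAGIC or total != len(blob):
        raise ValueError("bad header")
    if SEC.unpack_from(blob, sig_at) != (SIG_TAG, SIG_LEN):
        raise ValueError("unsigned file refused")
    body = blob[HDR.size:sig_at]
    want = hmac.new(key, _signed_view(body), hashlib.sha256).digest()
    if not hmac.compare_digest(want, blob[sig_at + SEC.size:]):
        raise ValueError("signature mismatch")
    sections, off = [], 0          # parse only after the signature verified
    while len(body) - off >= SEC.size:
        tag, n = SEC.unpack_from(body, off)
        off += SEC.size + n
        sections.append((tag, body[off - n:off]))
    # The unsigned header fields are cross-checked against the signed body.
    if off != len(body) or len(sections) + 1 != count:
        raise ValueError("malformed section table")
    return sections
```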


