Read Bruce Schneier's Applied Cryptography was Re: One more time, SSL vs GPG

S. Alexander Jacobson alex at alexjacobson.com
Thu May 19 12:27:51 EDT 2005


I've read the book.  I understand crypto well enough.  Perhaps you 
could answer a simple question:

   If I query Hackage for a package URL, what assurance do I have that
   the URL I receive is actually correct?

Note, I am NOT asking how you authenticate the content retrieved from 
that URL.  I am asking how you know the URL itself is correct?

-Alex-

______________________________________________________________
S. Alexander Jacobson tel:917-770-6565 http://alexjacobson.com







On Thu, 19 May 2005, Shae Matijs Erisson wrote:

> "S. Alexander Jacobson" <alex at alexjacobson.com> writes:
>
>> GPG secures documents, not interactions.
>> SSL secures interactions, not documents
>> Hackage is an interaction not a document.
>> Therefore, SSL can secure Hackage, but GPG can't.
>
> I suggest you read Bruce Schneier's book Applied Cryptography.
> I hope that will unconfuse you.
> For more information on the book -  http://schneier.com/book-applied.html
> It's an excellent book, I read it when I had a job implementing RFC3161.
> -- 
> It seems I've been living two lives. One life is a self-employed web developer
> In the other life, I'm shapr, functional programmer.  | www.ScannedInAvian.com
> One of these lives has futures (and subcontinuations!)|  --Shae Matijs Erisson
>
> _______________________________________________
> Libraries mailing list
> Libraries at haskell.org
> http://www.haskell.org/mailman/listinfo/libraries
>



More information about the Libraries mailing list