[16873] in cryptography@c2.net mail archive
Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)
daemon@ATHENA.MIT.EDU (Taral)
Thu Feb 10 13:30:15 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 9 Feb 2005 17:04:26 -0600
From: Taral <taral@taral.net>
To: Ian G <iang@systemics.com>
Cc: Amir Herzberg <herzbea@macs.biu.ac.il>, cryptography@metzdowd.com
In-Reply-To: <420A7BDD.7020101@systemics.com>
--ftEhullJWpWg/VHq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Feb 09, 2005 at 09:08:45PM +0000, Ian G wrote:
> The plugin is downloadable from a MozDev site,
> and presumably if enough attention warrants it,
> Amir can go to the extent of signing it with a
> cert in Mozilla's code signing regime.
That only authenticates that Amir wrote the code, not that the code is
safe.
> Also, as Amir is a relatively well known name in
> the world of crypto I suppose you could consider
> his incentives to be more aligned with delivering
> good code than code that would do you damage.
*This* is a reasonable argument, but I'd prefer a second-party review
before I install anything.
Then again, the only extension I have installed (FlashGot), I manually
checked myself.
--=20
Taral <taral@taral.net>
This message is digitally signed. Please PGP encrypt mail to me.
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
--ftEhullJWpWg/VHq
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD4DBQFCCpb6tOVKlL8cHDcRAs29AJj7Y9nFOZ3HRbsdn0bN1g3atSgLAJ9fDRlP
HEJHnuLq+GLbvG6McnjOaQ==
=zOJl
-----END PGP SIGNATURE-----
--ftEhullJWpWg/VHq--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
