[sldev] OpenID & SSL certificates

John Hurliman jhurliman at wsu.edu
Mon Oct 1 02:56:02 PDT 2007


Ryan McDougall wrote:
> Say that unless the viewer distributor places a digital signature on a
> LL server along with the name of the downloader's name, LL will pop up a
> warning that the viewer is not known to LL and may be adulterated.

As long as the adulterated viewer behaves and displays this warning to 
the user, right?

...

A users computer is acting as a proxy for the human to interact with 
other systems, and to do this there is an implicit trust that the users 
computer is accurately representing the user. In the current model of 
personal computers and the Internet this is a fundamental law, and no 
clever warning message or DRM system or UNIX permission model will ever 
change that law unless you change the model (ala Trusted Computing, 
which removes the implicit trust between the PC and the user).


More information about the SLDev mailing list