|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Christian Biere (christianbiere_at_gmx.de)
Date: Tue Oct 15 2002 - 13:32:33 CDT
wrstuden
netbsd.org (Bill Studenmund) wrote:
> On Tue, 15 Oct 2002, Brett Lymn wrote:
>
> > On Mon, Oct 14, 2002 at 06:10:44PM +0200, Alan Barrett wrote:
> >
> > 1) secure exec
> > 2) trusted exec
> > 3) verified exec
> I think verified exec is best, but it is a mouthful. How about V exec or
> Vexec, where V is for verified? :-)
I think all three variants might imply something wrong. Whether you
verified the exec or not cannot be expressed by the fingerprint. I'd
suggest something like 'frozen exec': With the fingerprint you tell the
system to execute the exec with *this* pathname and *this* hash. Sounds
like a 'code freeze' for me. You might still not trust it and use chroot,
systrace or whatever. IMHO anything which is far more complex than
helloworld.c will ever be 100% secure that's why I think 'secure exec'
promises too much.
Just my 0.02 euros,
Christian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (NetBSD)
iD8DBQE9rF9N0KQix3oyIMcRAl6sAJ95aDLLwyAY+b7V6ZojOoQsSHWebwCeNnCA
7wJEbBB9x2H5ihcTaaSuLRo=
=C9hm
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]