Crypographically Strong Software Distribution HOWTO

Bill Frantz frantz at pwpconsult.com
Mon Jul 2 19:44:55 EDT 2001 

>I've written a HOWTO on the cryptographically strong distribution
>of computer software.  Any constructive criticism would be
>appreciated. I hope to standardize the use of this model in
>the GNU/Linux free software community.
>
>You can find the HOWTO here:
>
>http://www.cryptnet.net/fdp/crypto/strong_distro.html
>
>
>Thanks,
>
>	- VAB

I have another quibble with what is a really good start on a HOWTO.

You say in your section on anonymous software development groups,
"The identity of the maintainer is established through the possession
of the secret key of a project key pair, therefore possession of the
secret key could be presented as proof in a courtroom as evidence
that an individual is a maintainer or developer in a Guerrilla
development project. This evidence would be very difficult to refute
in court. The only possible argument that could be used to deny
authorship would be to state the the secret key was stolen. However,
              typeo =======> that
the theft of a secret key suggest other felony crimes where
committed. To a lesser extent, possession of the revocation
certificate has similar ramifications."

If the secret key and/or revocation certificate was widely distributed, say
by being posted to the cypherpunks mailing list, it seems unlikely that
mere possession would constitute strong proof of membership in the
development group.

If the key becomes widely distributed, the development group must
immediately take steps to establish the reputation of a new key.  There
might be an interesting scramble between the development group, and other
group(s) wishing to obtain the reputation of the development group.

Cheers - Bill




-------------------------------------------------------------------------
Bill Frantz           | The principle effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list