At 15.17 -0400 0-05-22, Keith Moore wrote:
I would hope that any software I use, that is able to put my digital
signature on some data, would ask me for my pass-phrase every time
my private key is used.
and I would hope that any software I used would not offer to execute
content that could have harmful side effects, without first warning
me in very clear language that this could happen.
software in the real world rarely does all that is hoped for.
That would mean that every time you execute any program, you would
have to get an analysis of its possible harmful effects and decide
whether to accept it. Possibly, the system could be designed so
that a checksum is stored with every executable program, and you
do not have to answer this question if the checksum has not
changed since the last time you executed the same program.
Unfortunately, it is not always easy to avoid executing programs
with harmful content. Especially troublesome are installation
programs, which very often install things you do not want (such
as older versions of software you already have newer versions of,
or modules you do not want). America Online is especially well-
known for this, and unfortunately, since they bought Netscape,
they have added unwanted installation also to Netscape itself.
--
Jacob Palme <jpalme(_at_)dsv(_dot_)su(_dot_)se> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/jpalme/