each recipient chooses mailserver to subscribe whose sig
you trust ....i.e. a distributed, heteroegenous system.
for exampl,e i dont really care about windows viruses in my mail since
i read mail on a unix system, so i would subscribe to a listserver
that signed windows executables and visual basic attacments as
ok....:-)
In message
<200101041508(_dot_)KAA02702(_at_)astro(_dot_)cs(_dot_)utk(_dot_)edu>, Keith
Moore typed:
second, if someone must send an executable attachment , then we have a
signing server that signs the attachment as trustworthy
and how, and using what criteria, would the signing server evaluate
the trustworthiness of the attachment?
e.g. I might consider an attachment that installed NetBSD on top
of an existing Windows system to be absolutely trustworthy
(so long as it did it's job well) and performing a valuable community
service, but others might not agree...
(they might insist that Linux be installed instead.)
Keith
cheers
jon