From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <111401c0f370$b770e5d0$e8b7c6d4@SOMA> From: "Boyd Roberts" To: <9fans@cse.psu.edu> References: <20010612142329.0404719A15@mail.cse.psu.edu> <01bf01c0f350$22f579e0$6401a8c0@freeze2k> Subject: Re: [9fans] help, i'm in a wet paper bag and I can't get out MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Date: Tue, 12 Jun 2001 20:51:40 +0200 Topicbox-Message-UUID: b74fe64a-eac9-11e9-9e20-41e7f4b1d025 > Just giving it access only the domain it came from would suit me. > > esp. if that meant *.domainIcamefrom.com domains? well as long as they are derived from local 'secure' source rather that the DNS you're probably fairly safe. what rog was talking about seemed to be some PKI based code signing system. i think the PKI's unworkable. i'm not sure what the solution is, but it would be a lot more secure if you had the certificate of the signer on a chip card that you jam into your machine. gnarly problem, i think.