-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2007-04-06 at 11:59 -0700, Randall R Schulz wrote:
That's what cryptographic identity certificates are for. One would hope that if BitTorrent is going to be widely used to distribute critical resources such as software it would be endowed with the ability to propagate and verify these signatures.
Or does BitTorrent already incorporate certificate validation?
Tell me, when I download opensuse, using http, for instance, do I get such cryptographic certificates? I believe not. Not even if download from the novell site. However, you can publish the torrent initial link in a secure webserver (https), which means that you get the download site links and checksums from a certified source. The ensuing torrent download is thus certified. To duplicate that feat with http you require all mirror servers to use https. And FTP? No way. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGFp6gtTMYHG2NR9URAqT6AJ9Y0W/lIDT3nFkEX7JNwIT1ngkisQCffjIx EfSqj+TgVkIYaxsy4u250qU= =wEte -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org