Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I disagree, on the grounds that the code can always be verified.


Verified can mean a lot of things.

It can mean it comes from a source your trust.

Or it can mean you trust it to do something that you know and only that.

Which one do you refer?

The only way to verify behavior of codes is to do source auditing yourself. Which is what our average Joes would not be able to do himself anyway, so you get back having to trust entities instead of behavior. Which in that case, we are either get back to CAs or trusting individual certs directly.


By whom?

Do you trust them?

If so, why not have them do the encryption rather than relying on untrusted code to do it?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: