Read Bruce Schneier's Applied Cryptography was Re: One more time, SSL vs GPG

S. Alexander Jacobson alex at
Thu May 19 12:27:51 EDT 2005

I've read the book.  I understand crypto well enough.  Perhaps you 
could answer a simple question:

   If I query Hackage for a package URL, what assurance do I have that
   the URL I receive is actually correct?

Note, I am NOT asking how you authenticate the content retrieved from 
that URL.  I am asking how you know the URL itself is correct?


S. Alexander Jacobson tel:917-770-6565

On Thu, 19 May 2005, Shae Matijs Erisson wrote:

> "S. Alexander Jacobson" <alex at> writes:
>> GPG secures documents, not interactions.
>> SSL secures interactions, not documents
>> Hackage is an interaction not a document.
>> Therefore, SSL can secure Hackage, but GPG can't.
> I suggest you read Bruce Schneier's book Applied Cryptography.
> I hope that will unconfuse you.
> For more information on the book -
> It's an excellent book, I read it when I had a job implementing RFC3161.
> -- 
> It seems I've been living two lives. One life is a self-employed web developer
> In the other life, I'm shapr, functional programmer.  |
> One of these lives has futures (and subcontinuations!)|  --Shae Matijs Erisson
> _______________________________________________
> Libraries mailing list
> Libraries at

More information about the Libraries mailing list