On Sun, Apr 01, 2007 at 06:05:37PM -0400, mark at mark.mielke.cc wrote: > > The underlying point here, is that it is *not possible* to 100% > guarantee that the client is legitimate unless you can control the > software and hardware on the client. > > Sorry if this point isn't of concern to you, or if I confused the > issue in any way. :-) I understood your points in your original response and this followup response. You and I disagree on the intended use of RES-RSA within the scope of the Netrek binary verification system and the intended scope of the system itself. It makes any subsequent contentions moot. In any event, we do agree that the system is clearly weak and can easily be circumvented.