To close this chapter, we note that there are other ways of signing code to make it trustworthy. For example, for many years, PGP signature certificates have been used for validating programs and announcements distributed over the Internet. There are a few drawbacks to using PGP in this way. Because support for PGP is not built into web servers and browsers, the signature signing and verification must be done as a two-step process. A second drawback is that PGP signatures cannot use the public key infrastructure developed for use with web browsers. A benefit of the use of PGP is that any kind of file, document, or program can be signed with PGP, as PGP signatures can be “detached” and saved in separate locations.

As another alternative, the World Wide Web Consortium’s DSig initiative has proposed using PICS 1.1 labels as a tool for digital signatures. Information can be found at http://www.w3.org/pub/WWW/Security/DSig/Overview.html.