I think we can verify the checksum of the running code for plugin matches the source code. Similar to signing of .jar files
I don't see how running the "right plugin" is going to help if the plugin deals with any 3rd party software or protocol at all as Evil Bob doesn't need to *change the plugin* he will make his changes to the 3rd party software or intercept and modify the protocol commands.
The problem of using blockchain.info is that it is a website and that opens it up to all the problems of websites being hacked. It seemed a lot more secure to be able to verify that bitcoind running matches the bitcoind source code.
It simply isn't relevant if you are going to have other servers "check the script execution" which you will *have* to do in order for it to be correctly verified (which is why sending an email would be silly).
I am not thinking that there are ANY third party softwares. The NXTplugin needs to incorporate some or all of the third party software into itself. Otherwise there is no way it can be trusted.
The peer servers will verify the output of the plugin. We rely on the source code to know what the plugin did. So all the peers can verify that Evil Bob made no changes to the plugin and the plugin ran and output the result. How can Evil Bob modify the plugin if NXT core is verifying checksum/hash of the executing code in memory? Any changes would change the checksum/hash of the in memory copy of the plugin.
If I am wrong in that, THAT is the feedback I am looking for. How can Evil Bob change the plugin without changing the checksum/hash of the in memory copy that is being called by NXTcore?
The peers dont have to send the email, they just need to verify that the checksum/hash + result/errorcode matches what would have been expected given the input data to the plugin, which is the output data from NXT VM script
James
Edit: Ideally we would have an externally verifiable action, eg. unmodified bitcoind issued command and it is verified on blockchain.info as an example