
[Asrg] {Asrg] some comments on the signing and authentication off-topic rant

2003-03-13 04:46:00
> From: Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com>
> Subject: RE: [Asrg] DCC and IP checksums
>
> > From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
> >
> > ...
> > The design of the code signing services was to ensure that code
> > obtained through the web was at least as trustworthy as code bought
> > in a shrinkwrap box in a store. It was not to eliminate all possible
> > risks.
> > ...
>
> Requiring that the signature on the new version of the code match the
> signature on the original from the shrinkwrap box would be a significant
> and radical improvement on the ActiveX model and what I understood Phillip
> Hallam-Baker to be proposing.  As I understand ActiveX, essentially any
> code signed by any vendor recognized by Microsoft and marked "safe" by
> the vendor is allowed free rein to do whatever it wants.

In that case you don't understand ActiveX very well.  It's possible to set
up your box in a variety of different ways. Most of my boxes will tell me
when they see a signed ActiveX control, tell me who signed it, tell me
whether it is marked "safe for scripting", and ask me if I want to let it
run.

It also strikes me that there's a pretty clear distinction between
authentication in that setup - someone signed it and the system checks the
certificate chain - and authorisation - I give permission for the code to
run - so maybe you have been falsely accusing MS about failing to make that
distinction?  Certainly I have never seen anything from MS that tells me I
should trust signed code, as opposed to trusting that it was signed by the
signer.

I don't think MS is particularly good at security, but they aren't any worse
than anyone else in the business (apart from their email scripting, where
they really introduced a nightmare for themselves and for all their
customers) and they seem to be less inclined to push snake oil than some
rival camps. Code signing was designed for exactly what Phill described and
works as well as any PK system will work for that purpose (which is not
actually very well, since certifying authorities have no relationship with
relying parties, but is probably the best that can be done at present).


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
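The authentication/authorisation split argued over above (the system checks who signed the control and whether it is unmodified; the user, or a local trust list, decides whether it may run) as a worked example. This is added here and is not code from the message, from ActiveX, or from any Microsoft implementation: an ed25519 key stands in for the signer's certificate chain, the Control struct and its field names (SafeForScripting, SignerName, TrustedKeys, Prompt) are assumptions for illustration, and the sample code blob is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Control is a signed code object plus the metadata its signer attached.
// Field names are assumptions for this example, not a real Authenticode
// structure: the ed25519 key stands in for the certificate chain and
// SignerName for the certificate subject.
type Control struct {
	Code             []byte
	SafeForScripting bool // the vendor's own assertion; covered by the signature
	SignerName       string
	SignerKey        ed25519.PublicKey
	Signature        []byte
}

// signedPayload binds the code and the "safe" flag into one digest so the
// flag cannot be flipped after signing without breaking the signature.
func signedPayload(code []byte, safe bool) []byte {
	h := sha256.New()
	h.Write(code)
	flag := byte(0)
	if safe {
		flag = 1
	}
	h.Write([]byte{flag})
	return h.Sum(nil)
}

// Fingerprint identifies a signer key the way a relying party would pin it,
// so the local trust list is keyed on the key and not on a self-asserted name.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Sign is the vendor side: produce the control the user will download.
func Sign(priv ed25519.PrivateKey, name string, code []byte, safe bool) Control {
	pub := priv.Public().(ed25519.PublicKey)
	return Control{
		Code: code, SafeForScripting: safe, SignerName: name, SignerKey: pub,
		Signature: ed25519.Sign(priv, signedPayload(code, safe)),
	}
}

// Authenticate answers one question only: was this object signed by the key
// it carries, and is it unmodified since? It says nothing about whether the
// code may run.
func Authenticate(c Control) bool {
	return ed25519.Verify(c.SignerKey, signedPayload(c.Code, c.SafeForScripting), c.Signature)
}

// Policy is the relying party's side, mirroring the setup described in the
// message: signers allowed to run silently, and a prompt (who signed it, is
// it marked safe) for everything else.
type Policy struct {
	TrustedKeys map[string]bool      // key fingerprint -> run without prompting
	Prompt      func(c Control) bool // asks the user; nil means "always deny"
}

// Authorize is the separate decision. The vendor's "safe" flag is shown to
// the user via Prompt but never decides the outcome by itself.
func Authorize(p Policy, c Control) (bool, string) {
	if !Authenticate(c) {
		return false, "rejected: signature does not verify"
	}
	if p.TrustedKeys[Fingerprint(c.SignerKey)] {
		return true, "authorized: signer " + c.SignerName + " is on the local trust list"
	}
	if p.Prompt != nil && p.Prompt(c) {
		return true, "authorized: user approved " + c.SignerName
	}
	return false, "authenticated but not authorized: " + c.SignerName + " not trusted and not approved"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample: a control the vendor marked "safe for scripting".
	ctl := Sign(priv, "Example Vendor Ltd", []byte("print('hello')"), true)

	denyAll := Policy{TrustedKeys: map[string]bool{}}
	trusting := Policy{TrustedKeys: map[string]bool{Fingerprint(pub): true}}
	askUser := Policy{Prompt: func(c Control) bool {
		fmt.Printf("run control signed by %q (marked safe: %v)? -> yes\n", c.SignerName, c.SafeForScripting)
		return true
	}}
	for _, pol := range []Policy{denyAll, trusting, askUser} {
		ok, why := Authorize(pol, ctl)
		fmt.Println(ok, why)
	}

	// The "safe" flag is bound by the signature, so flipping it after the fact
	// fails authentication, and authorization never gets a look-in.
	flipped := ctl
	flipped.SafeForScripting = false
	fmt.Println(Authorize(trusting, flipped))
}
```

The point the example makes in code: a valid signature from an unknown signer is authenticated but still not authorized under denyAll, the vendor's "safe" flag is carried to the prompt and nowhere else, and modifying either the code or the flag breaks authentication before any policy is consulted.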



Current thread: [Asrg] {Asrg] some comments on the signing and authentication off-topic rant, Tom Thomson