pem-dev

Re: PEM and PCAs

1994-02-14 17:11:00

From pem-dev-request(_at_)magellan(_dot_)TIS(_dot_)COM Mon Feb 14 15:27:57 1994

In the first, anyone who has access to the TIS/PEM key database can
modify it, set the "designated valid bit" and spoof you out.

Then again, if someone can get at your database, I would suspect that
the same attack would work against your copy of the software.  (i.e.
person can access your files, person can replace your copy of the software
with a spoof.)

Whereas this is probably true of most systems today, this isn't
necessarily true.

There are steps that can be taken to protect the integrity of
the software using means outside of the software itself. For
example, I can be running a secure boot from local CD-ROM, and
be acquiring all software from local CD-ROM; spoofing this is 
hard.

[Or I can be running an OS that checks signatures on program 
executables (the boot process can check signatures on the OS,
etc).]

Thus the software environment itself can be made relatively
unspoofable.

In such cases, having programs that strongly check the integrity
of their own databases, using e.g. signatures, helps. (I can't store the
databases on local CD-ROM, since I assume they need to be modified
more frequently than the software itself.)

Ashar.
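
The database self-check this message argues for, as an added example that is not part of the original post and is not TIS/PEM code: the program refuses to read any "designated valid" bit until the whole key database passes an integrity check. An HMAC keyed from a passphrase stands in for the digital signature the message mentions, to keep the example standard-library only; the record layout, field names and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample key database (assumed layout): subject -> key record.
SAMPLE_DB = {
    "alice@example.org": {"public_key": "constructed-key-A", "designated_valid": True},
    "mallory@example.org": {"public_key": "constructed-key-M", "designated_valid": False},
}

def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Derive the MAC key from a secret that is never stored beside the database."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def canonical(records: dict) -> bytes:
    """Serialize deterministically so the same records always give the same tag."""
    return json.dumps(records, sort_keys=True, separators=(",", ":")).encode()

def seal(records: dict, key: bytes) -> dict:
    """Attach an integrity tag covering every record, validity bits included."""
    tag = hmac.new(key, canonical(records), hashlib.sha256).hexdigest()
    return {"records": records, "tag": tag}

def load_trusted(sealed: dict, key: bytes) -> dict:
    """Return the records only if the tag verifies; otherwise refuse to use them."""
    expected = hmac.new(key, canonical(sealed["records"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(sealed.get("tag", ""))):
        raise ValueError("key database failed integrity check")
    return sealed["records"]

def is_designated_valid(sealed: dict, key: bytes, subject: str) -> bool:
    """Consult the validity bit only after the whole database has been verified."""
    records = load_trusted(sealed, key)
    return bool(records.get(subject, {}).get("designated_valid", False))
```

The tag detects modification of the stored records but not replacement of the file with an older sealed copy, and it only helps when the checking code itself is protected as the message describes.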

