funsec mailing list archives
Re: standards status in the industry - opinion?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 09 Jan 2006 13:20:08 +0000
On Mon, 2006-01-09 at 13:50 +0100, James Kehl wrote:
> Another aspect might be the cost/tax to get your drivers certified. I don't know the process myself, but chances are you would have to pay, pay big, and pay whenever you released an update.
Indeed, that's what I was getting at with "the hoops MS make you jump through" in a previous post. The users' excuse is they just don't care enough to know the difference, the developers' excuse is that MS make it too difficult, technically or economically, to comply.
> (Has anyone seen a certified Windows driver that wasn't bundled with a MS product?) I'm surprised nobody's skipped the hassle and just installed their own root cert. The fact the installer's running as Administrator implies Game Over in security terms, anyway.
There is nothing wrong with doing that. I'd love to see drivers and other software signed by people other than MS that network admins can use in a chain of trust. This combined with MS handling all of their own software well, would be a very good solution and could quite easily cover large numbers of vendors in the way SSL certificates on websites scale well. This makes the whole process cheaper and easier. I'd like to see more use of software signing using this sort of mechanism, it's a very valid mechanism to help with the problem of untrusted code within the enterprise network.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.