WebApp Sec mailing list archives

Re: Code Signing ???


From: Saqib Ali <docbook.xml () gmail com>
Date: Mon, 15 Aug 2005 08:14:59 -0700

Hello Devdas,

I am not sure if you are in agreement with me or not ;-)

> And we have had Verisign issuing a certificate to random people in the
> name of Microsoft[1]. Also, even the IT department cannot trust a random

Verisign has improved their process a lot. Do you have examples of this
happening recently?

> binary, unless it comes over a trusted channel and from a trusted source.

This will require re-designing the internetwork, with each router
controlled by a central authority, much like a telephone switching
network.

> It only proves that someone was willing to spend some money on getting a
> certificate in that name. Can you give a single good reason to trust a
> CA who you do not personally know? And a million other people trust them
> is not a good reason. A web of trust is far more useful than a simple
> tree.[2]

This is a separate debate. And it affects several other technologies
aside from Code Signing.

> And that is a large reduction in security. Remember, you cannot blame
> the vendor (EULA). So the code signing merely proves that the code did,
> in fact, come from that vendor. Which is of no use, since there is no
> compensation for bad code.

Again. Code Signing never claimed to accomplish this. Code Signing
never certifies that a piece of code is "good" code.

> If I can compromise the system, I can change the executable and delete
> the signature. Since the executable will work fine without the
> signature, it isn't really effective.

Well, if you can compromise the system, you can do much more harm than
just modify the binary. That is why I stated earlier that this is out
of the scope of code signing.
"It is like saying host-based IDS or anti-virus are useless, because
if you can compromise the system you can turn them off."

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
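The exchange above turns on three properties of code signing: a valid signature proves only that the holder of a particular key signed exactly these bytes, a tampered binary fails verification, and a stripped signature is only harmless if the verifier is willing to run unsigned code. The following Go program is an added illustration written for this archive page, not code from either participant; it uses a hypothetical `Publisher`/`Verify` pair over Ed25519 from the Go standard library, and the artifact bytes and publisher names are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedArtifact bundles a binary with a detached signature over the
// SHA-256 digest of its bytes. Signature is nil when the artifact ships
// unsigned (the "delete the signature" case from the thread).
type SignedArtifact struct {
	Name      string
	Binary    []byte
	Signature []byte
}

// Publisher models a vendor holding a signing key. Hypothetical type
// written for this example; not a real code-signing tool's API.
type Publisher struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// NewPublisher generates a fresh Ed25519 key pair for a vendor.
func NewPublisher(name string) (*Publisher, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Publisher{Name: name, priv: priv, Pub: pub}, nil
}

// Sign attaches a signature over the digest of the binary. Note what this
// does NOT do: it says nothing about whether the code is any good.
func (p *Publisher) Sign(name string, binary []byte) SignedArtifact {
	digest := sha256.Sum256(binary)
	return SignedArtifact{Name: name, Binary: binary, Signature: ed25519.Sign(p.priv, digest[:])}
}

var (
	// ErrUnsigned is the policy decision the thread is really about: a
	// verifier that accepts unsigned binaries makes signature removal free.
	ErrUnsigned = errors.New("artifact carries no signature; refusing to run unsigned code")
	// ErrUntrustedSigner covers both a modified binary and a signature made
	// by a key the verifier does not trust.
	ErrUntrustedSigner = errors.New("signature does not verify under any trusted publisher key")
)

// Verify checks the artifact against the set of publisher keys this host
// trusts and returns the name of the publisher whose key verified it.
func Verify(a SignedArtifact, trusted map[string]ed25519.PublicKey) (string, error) {
	if len(a.Signature) == 0 {
		return "", ErrUnsigned
	}
	digest := sha256.Sum256(a.Binary)
	for name, pub := range trusted {
		if ed25519.Verify(pub, digest[:], a.Signature) {
			return name, nil
		}
	}
	return "", ErrUntrustedSigner
}

func main() {
	vendor, err := NewPublisher("ExampleVendor") // constructed vendor name
	if err != nil {
		panic(err)
	}
	trusted := map[string]ed25519.PublicKey{vendor.Name: vendor.Pub}

	// Constructed artifact bytes standing in for a real executable.
	art := vendor.Sign("tool.exe", []byte("constructed executable bytes"))
	fmt.Println(Verify(art, trusted)) // ExampleVendor <nil>

	// Attacker edits the binary: the signature no longer matches the digest.
	tampered := art
	tampered.Binary = append([]byte{}, art.Binary...)
	tampered.Binary[0] ^= 0x01
	fmt.Println(Verify(tampered, trusted)) // "" + ErrUntrustedSigner

	// Attacker strips the signature: only a verifier that refuses unsigned
	// code turns this into a detectable failure rather than a silent success.
	stripped := art
	stripped.Signature = nil
	fmt.Println(Verify(stripped, trusted)) // "" + ErrUnsigned

	// Someone else signs the same bytes with their own key: origin is not
	// the trusted vendor, so the signature proves nothing to this host.
	other, _ := NewPublisher("SomeoneElse")
	fmt.Println(Verify(other.Sign("tool.exe", art.Binary), trusted)) // "" + ErrUntrustedSigner
}
```

The `trusted` map is the host's trust decision; whether that map is populated from a CA hierarchy or a web of trust is exactly the separate debate the thread refers to, and the verification logic is the same either way.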

