[157] in WWW Security List Archive
Re: what are realistic threats?
daemon@ATHENA.MIT.EDU (Larry Masinter)
Thu Sep 29 19:18:36 1994
To: hallam@dxal18.cern.ch
CC: www-security@ns1.rutgers.edu
In-reply-to: hallam@dxal18.cern.ch's message of Thu, 29 Sep 1994 03:07:46 -0700 <9409291007.AA26803@dxal18.cern.ch>
From: Larry Masinter <masinter@parc.xerox.com>
Date: Thu, 29 Sep 1994 09:47:55 PDT
Reply-To: Larry Masinter <masinter@parc.xerox.com>
>>OK. What about trojan horses in
>>a) ncsa mosaic?
>>b) ghostview?
>>c) any or all of X?
>>d) an http server?
>>e) emacs/wordperfect/ms word?
>>f) etc etc
> This is why I think we need a standalone certificate scheme. The
> program may reside on any server but has a certificate signed by the
> producer. Although single rooted authentication hierarchies have
> problems most people would trust the signature if signed by USGovt,
> MIT, W3O, AMEX and Peter Wright.
But what are they signing? Are they attesting that the software
contains no trojan horses? That it has no bugs that could be exploited
by a cracker? That none of the patches that they have accepted from
the many individuals who contribute to the construction of freeware
have 'trojan horse' attacks? That THEIR site has never been cracked
and one of their software modules replaced?
I expect every piece of freeware I get to come with an explicit
disclaimer that the software comes AS IS and that there are no
warrantees against bugs or misfeatures and no liability on the part of
the producer, etc. I'm not sure what the signature of the producer
buys me.
