[161] in WWW Security List Archive


Re: what are realistic threats?

daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Fri Sep 30 00:33:09 1994

From: hallam@dxal18.cern.ch
To: Larry Masinter <masinter@parc.xerox.com>
Cc: hallam@dxal18.cern.ch, www-security@ns1.rutgers.edu
In-Reply-To: Your message of "Thu, 29 Sep 94 09:47:55 PDT."
             <94Sep29.094804pdt.2760@golden.parc.xerox.com> 
Date: Thu, 29 Sep 94 23:12:06 +0100
Reply-To: hallam@dxal18.cern.ch

>But what are they signing? Are they attesting that the software
>contains no trojan horses? That it has no bugs that could be exploited
>by a cracker? That none of the patches that they have accepted from
>the many individuals who contribute to the construction of freeware
>have 'trojan horse' attacks? That THEIR site has never been cracked
>and one of their software modules replaced?

A software certificate would attest that the package was in the state
intended by the authors.

I.e., if you pick up the libwww tar and a certificate signed by Henryk,
Heken and myself it guarantees that it has only the bugs put in by
Henryk, Heken and myself.

Of course if you don't trust us then the certificate means little.
But if you trust us only as moderately disreputable then you know that
you have a moderately disreputable product and not a completely
deranged one hacked to rm your whole disk. Of course we might have
picked up such a Trojan horse by accident or carelessness.


Basically the certificate is a bit like vaccination. It protects you
from some diseases but not all.


But Larry is right to point this out. We need to make people understand 
precisely the level of security they have. So a Larry certificate would 
become :-

Digest-Boundary: RSA-MD5
Producer: World Wide Web Organisation
URI: URN://w3.org/software/libwww_3_0.tar.Z
MIC-Info: RSA-MD5, uuencodebit
X-Disclaimer: This product is supplied as is and without any warranty of
	any kind. This certificate should be verified to check that
	the product is in the same state as that in which it left the factory
	gate.
MIC-Head: RSA, RSA-MD5, uuencodedkeyquitelong





I think that broadening the idea of certificates beyond the PEM idea of
just being key certificates is a powerful one. We can also use
certificates to pass around keys but that would be only one use amongst
many.


Phill.
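
An added example, not part of the original message: a Python sketch of the "factory gate" check the certificate above is meant to support, using the message's header names (Producer, URI, MIC-Info, X-Disclaimer). Assumptions: the digest is hex-encoded SHA-256 rather than uuencoded RSA-MD5, the URI, producer and package bytes are constructed samples, and the MIC-Head signature over the headers has already been verified against a trusted key.

```python
import hashlib
import hmac

# Digest names accepted in MIC-Info. The message's example uses RSA-MD5; MD5 is
# no longer collision resistant, so this sketch assumes SHA-256 instead.
DIGESTS = {"SHA-256": hashlib.sha256}


def parse_certificate(text):
    """Parse RFC 822 style 'Name: value' headers, unfolding continuation lines."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":                      # folded continuation line
            if last is None:
                raise ValueError("continuation line before any header")
            fields[last] += " " + line.strip()
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("malformed header: %r" % line)
            last = name.strip()
            if last in fields:
                raise ValueError("duplicate header: " + last)
            fields[last] = value.strip()
    return fields


def package_matches(cert_text, package):
    """True if the package bytes hash to the digest stated in MIC-Info."""
    fields = parse_certificate(cert_text)
    algorithm, _, stated = fields["MIC-Info"].partition(",")
    digest = DIGESTS[algorithm.strip()]           # KeyError on unknown algorithm
    actual = digest(package).hexdigest()
    return hmac.compare_digest(actual, stated.strip().lower())


def make_certificate(package):
    """Constructed sample certificate in the message's header layout."""
    return ("Producer: Example Producer\n"
            "URI: URN://example.invalid/software/pkg.tar.Z\n"
            "MIC-Info: SHA-256, " + hashlib.sha256(package).hexdigest() + "\n"
            "X-Disclaimer: Supplied as is and without any warranty of\n"
            "\tany kind.\n")


released = b"int main(void) { return 0; } /* authors' own bug included */"
cert = make_certificate(released)
tampered = released + b" /* modified after release */"
```

The released bytes verify even though they contain whatever the authors put in, while any change made after the certificate was issued fails the check.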
