[4270] in WWW Security List Archive
Re: What does Authenticode Certify ? (was: Sceptic about (Funds Transfer w/o PIN))
daemon@ATHENA.MIT.EDU (Hallam-Baker)
Thu Feb 6 19:33:51 1997
From: Hallam-Baker <hallam@ai.mit.edu>
To: btoole@oakmanor.com
Date: Thu, 6 Feb 1997 17:18:12 -0500 (EST)
Cc: WWW-SECURITY@ns2.rutgers.edu
In-Reply-To: <32F9A833.58E0@oakmanor.com> from "Brian Toole" at Feb 6, 97 04:45:23 am
Errors-To: owner-www-security@ns2.rutgers.edu

Authenticode, like any certification procedure, certifies only
that a certain procedure has been followed in the issuance of the
certificate. No other guarantee is or can be made. The Verisign
procedures document describes this in detail (and in block capitals
for legal reasons).

The procedure may be designed to provide assurances concerning the
identity of a party. Under the Authenticode design I do not believe
that it is possible to do more due to the design of the hierarchy
and interfaces.

It is possible that an organization could undertake to perform some
sort of validation test and certify that a piece of code passed such a
test. This would not quite work in the Authenticode implementation in
Internet Explorer, however, since the certificate appears to be
presented to the user as a publisher certificate and not an auditor's
certificate.

Can such a system provide a net user with confidence? I believe so, since
what we experience and understand as "truth" in the physical world is
largely the application of method. The ontological problems are the
same for certificate hierarchies and in "real" life.

The problem is that the net provides a new class of security risks for
the user of a computer beyond the traditional ones. In the past a malicious
actor could only threaten the use of the computer directly. With the net
the power of the computer is greatly magnified and so therefore is the
risk. There is little to be gained from programming a video game to trash
a user's computer; as a result the purchaser of a video game is relatively
safe in trusting the CD bought in a store. There is much to gain from
credit card fraud. A hacker could modify a video game CD to tell Quicken
to send cash to an account as easily (more).

Whether the vector for the attack is Java, ActiveX or good old CD-ROM,
THE RISK IS THE SAME.

Phill