[100969] in North American Network Operators' Group
Re: Creating a crystal clear and pure Internet
daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Nov 27 16:09:14 2007
From: Florian Weimer <fw@deneb.enyo.de>
To: Jared Mauch <jared@puck.nether.net>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
Date: Tue, 27 Nov 2007 22:04:23 +0100
In-Reply-To: <20071127150355.GC76456@puck.nether.net> (Jared Mauch's message
of "Tue, 27 Nov 2007 10:03:55 -0500")
Errors-To: owner-nanog@merit.edu

* Jared Mauch:

> Within the next 2 major software releases (Microsoft OS) they're
> going to by default require signed binaries. This will be the only viable
> solution to the malware threat. Other operating systems may follow.
> (This was a WAG, based on gut feeling).

The code signing CAs have never been subject to serious attack. It's
unlikely that they are sufficiently robust for this scheme to work on a
large scale.

There's also the issue that you can't reliably tell data (which,
presumably, does not need to be signed) from code.