[100970] in North American Network Operators' Group
Re: Creating a crystal clear and pure Internet
daemon@ATHENA.MIT.EDU (John Payne)
Tue Nov 27 16:33:35 2007
In-Reply-To: <87ir3nv1rc.fsf@mid.deneb.enyo.de>
Cc: Jared Mauch <jared@puck.nether.net>, Sean Donelan <sean@donelan.com>,
nanog@merit.edu
From: John Payne <john@sackheads.org>
Date: Tue, 27 Nov 2007 16:31:56 -0500
To: Florian Weimer <fw@deneb.enyo.de>
Errors-To: owner-nanog@merit.edu

On Nov 27, 2007, at 4:04 PM, Florian Weimer wrote:
>
> * Jared Mauch:
>
>> Within the next 2 major software releases (Microsoft OS) they're
>> going to by default require signed binaries. This will be the only
>> viable solution to the malware threat. Other operating systems may
>> follow. (This was a WAG, based on gut feeling).
>
> The code signing CAs have never been subject to serious attack. It's
> unlikely that they are sufficiently robust for this scheme to work on a
> large scale.

One would hope that the CAs wouldn't be connected to an attack path...
The revocation stuff should be distributable if it's not already.