North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Creating a crystal clear and pure Internet

  • From: John Payne
  • Date: Tue Nov 27 16:37:04 2007
  • Authentication-results: [email protected]; domainkeys=pass (testing)
  • Authentication-results:; dkim=pass (1024-bit key) [email protected]
  • Dkim-signature: v=1; a=rsa-sha1; c=simple/simple;; s=haybaler; t=1196199113; bh=VpxfgOokmXFlNrwTgldbMBQPSW8=; h=In-Reply-To:References:Mime-Version:Content-Type:Message-Id:Cc: Content-Transfer-Encoding:From:Subject:Date:To:X-Mailer; b=Sahy0zz wfBOfXdQD7+avXuCnCbxRVQcLMhU14QOAGycd9EKJ8FZ1DxXdA7PAegQY0U7yJdeZiH XTpca9zFCsFQ7H7tJnJquNL3EwcG1Z0ZlBSWVKs7JcIXQRbHKVi8QgX16W6fp865C+r oGM9coAWWMiKLJ/xgfBaiuqdOKj8ig=
  • Domainkey-signature: a=rsa-sha1; s=haybaler;; c=nofws; q=dns; h=dkim-signature:in-reply-to:references:mime-version: content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=GubUQdFfkgZCO/H8v8GCjqlQI65tWeWK1knVVqaakF65eXt2u41vFGEu1rBBtc/qq eBYIoCy8RIVmI58lAm2zRMF3zebfctBqVDYiHGOeQksVsBvUBd0fR8XdWMtas+KVuYz zhQwS/n3kepcImR2WekmyO92lP31Rl0y+BuA1HY=

On Nov 27, 2007, at 4:04 PM, Florian Weimer wrote:

* Jared Mauch:

Within the next 2 major software releases (Microsoft OS) they're
going to by default require signed binaries. This will be the only viable
solution to the malware threat. Other operating systems may follow.
(This was a WAG, based on gut feeling).

The code signing CAs have never been subject to serious attack. It's
unlikely that they are sufficiently robust for this scheme to work on a
large scale.

One would hope that the CA's wouldn't be connected to an attack path...

The revocation stuff should be distributable if it's not already.