On Thu, 20 Feb 1997, Ian Miller wrote:
> At 08:58 20/02/97 -0500, you wrote:
> >Authenticode is the ideal model for today's
> >society. It doesn't prevent anything, but gives you the name of the
> >person/company/etc to sue if their stuff does anything wrong.
> >That is a solution?
> It is provided:-
> 1) All the "person/company"s issued with authentication keys have adequate
> assets to be worth suing.
> 2) All the "person/company"s are resident in jurisdictions where they can be
> sued effectively.
> 3) All the "person/company"s who are signing controls in good faith are also
> sufficiently careful and competent to ensure that other malicious persons
> cannot subvert their benign Active-X controls for malicious purposes. (I
> assume here that the courts will not allow unlimited consequential damages
> against suppliers of no-warranty free software. However this seems a fairly
> safe assumption. I am certain this is the case in the UK.)
Also assuming that neither MS, nor anyone else they give a signing program
to has the setup stolen (remembering that you could mount many MS internal
servers via their own SMB services until they tweaked their firewall).
How do you ensure certificate revocation?
Or what happens when you go to an ActiveX class or buy the Microsoft Press
version? How does Microsoft *know* what they are signing?
Or when someone duplicates the signing technology (Oh, before you run this
neat application, you will need to Upgrade your Cert Authority Now!).
So far, the only nice thing about ActiveX is that I think it doesn't run
on anything except MS operating systems and browsers.
Automatically running any object code off the web is never going to be
secure. Java bypasses this by using an interpreter, which you can try to
ensure doesn't contain tokens capable of reading or writing to disk, etc.
and can correct flaws in such an interpreter.
finger tz @
com for PGP key