Creating a crystal clear and pure Internet
john at sackheads.org
Tue Nov 27 21:31:56 UTC 2007
On Nov 27, 2007, at 4:04 PM, Florian Weimer wrote:
> * Jared Mauch:
>> Within the next 2 major software releases (Microsoft OS) they're
>> going to by default require signed binaries. This will be the
>> only viable
>> solution to the malware threat. Other operating systems may follow.
>> (This was a WAG, based on gut feeling).
> The code signing CAs have never been subject to serious attack. It's
> unlikely that they are sufficiently robust for this scheme to work
> on a
> large scale.
One would hope that the CA's wouldn't be connected to an attack path...
The revocation stuff should be distributable if it's not already.
More information about the NANOG