Creating a crystal clear and pure Internet

Florian Weimer fw at
Tue Nov 27 21:04:23 UTC 2007

* Jared Mauch:

> 	Within the next 2 major software releases (Microsoft OS) they're
> going to by default require signed binaries.  This will be the only viable
> solution to the malware threat.  Other operating systems may follow.
> (This was a WAG, based on gut feeling).

The code signing CAs have never been subject to serious attack.  It's
unlikely that they are sufficiently robust for this scheme to work on a
large scale.

There's also the issue that you can't reliably tell data (which,
presumably, does not need to be signed) from code.

More information about the NANOG mailing list