Creating a crystal clear and pure Internet
Florian Weimer
fw at deneb.enyo.de
Tue Nov 27 21:04:23 UTC 2007
* Jared Mauch:
> Within the next 2 major software releases (Microsoft OS) they're
> going to by default require signed binaries. This will be the only viable
> solution to the malware threat. Other operating systems may follow.
> (This was a WAG, based on gut feeling).
The code signing CAs have never been subject to serious attack. It's
unlikely that they are sufficiently robust for this scheme to work on a
large scale.
There's also the issue that you can't reliably tell data (which,
presumably, does not need to be signed) from code.
More information about the NANOG
mailing list