A mighty fortress is our PKI, Part II
Jack Lloyd
lloyd at randombit.net
Wed Jul 28 10:53:52 EDT 2010
On Wed, Jul 28, 2010 at 08:48:14AM -0400, Steven Bellovin wrote:
> There seem to be at least three different questions here: bad code
> (i.e., that Windows doesn't check the revocation status properly),
> the UI issue, and the conceptual question of what should replace the
> current PKI+{CRL,OCSP} model. For the last issue, I'd note that
> using pki instead of PKI (i.e., many different per-realm roots,
> authorization certificates rather than identity certificates, etc.)
> doesn't help: Realtek et al. still have no better way or better
> incentive to revoke their own widely-used keys.
With a sufficiently fine grained authorization model inside the OS,
there is no reason in principle that something like attribute
certificates couldn't work - RealTek would have a code signing cert
only valid for drivers that talked to network cards with specific PCI
vendors IDs, and UI tools that talked to that driver - the signature
on the worm binary in question would be valid, but the worm would not
be given the permissions it wants to actually do its thing. (Eg, when
was the last time you had a network driver that needed to access an
MSSQL db). Windows is not that OS. (Neither is Linux or BSD of
course). It looks like Singularity has some features which could
support this sort of model [1].
This is not to suggest this is at all an easy course of action to
take; my point is just that it's possible to do much better here
without having to alter anyone's incentives: the CAs still collect
their rent, and RealTek's drivers still work. Fixing the OS is
probably easier than somehow fixing PKI to do what we'd nominally want
it to do here (though actually revoking the cert would have been a
good start) or modifying the obvious incentives.
-Jack
[1] http://research.microsoft.com/apps/pubs/default.aspx?id=59976
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list