[Cryptography] HP accidentally signs malware, will revoke certificate

Tom Mitchell mitch at niftyegg.com
Mon Oct 13 19:37:32 EDT 2014


On Sat, Oct 11, 2014 at 5:28 PM, Jerry Leichter <leichter at lrw.com> wrote:

> On Oct 11, 2014, at 7:05 PM, Theodore Ts'o <tytso at mit.edu> wrote:
> > It seems the real problem is that while we have Certificate Revocation
> > Lists when a CA wants to revoke its signature on a certificate, there
> > isn't the same concept of a Signed Software Revocation List where a
> > code signer can revoke a signature on a piece of code

.......

> Microsoft has had such a mechanism - known as a killbit
> http://en.wikipedia.org/wiki/Killbit - for many years.  It applies only
> to Active-X controls - it's not clear why they never extended the idea to
> arbitrary code.  However, they could probably get essentially the same
> effect with their malware scanner.


Revocation of software seems like a double or triple sharp-edged solution.
In a nutshell one could think of it as a global DRM takedown.
It could be built into any system package management tool or virus scanner.

Apple, Adobe, Microsoft and many more have a daemon process that checks for
and installs the latest version of itself and of the application collection
under its purview.

It seems to me that any of these could become a problem and should be
the research topic of MAC and other policy management tools, i.e. an Adobe
tool should be fenced in and able to only check and modify Adobe products.
One of the strengths of WinNT was a decent policy framework but because
it got in the way of too many things it was sidetracked and fell into
disuse.
MS failed to establish a policy that others could work with.

The lack of physical install media removes one anchor to bootstrap a correct
environment.  Install media for the most part does little to repair and
tends to risk data.  For example I have ancient email collections that I
cannot open because one of 10,000 messages triggers virus scan tools that
"do the right thing" but 9,999 messages are also impacted.

The apparent abuses of DRM takedown processes make the entire
topic interesting.  The impact of a TLA suborning such tools to further
social or political gains is facilitated because some policy designs are
not transparent.

-- 
  T o m    M i t c h e l l