[Cryptography] HP accidentally signs malware, will revoke certificate

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 16 07:21:07 EDT 2014


Jerry Leichter <leichter at lrw.com> writes:

>Microsoft has had such a mechanism - known as a killbit
>http://en.wikipedia.org/wiki/Killbit - for many years.  It applies only to
>Active-X controls - it's not clear why they never extended the idea to
>arbitrary code. However, they could probably get essentially the same effect
>with their malware scanner.
>
>OS X has a similar mechanism with its simple-minded malware blacklisting
>mechanism, which has a special-purpose extension to do such things as
>blacklisting outdated versions of Java and Flash.
>
>iOS apparently includes a "kill application" mechanism which would allow Apple
>to quickly prevent a malicious app from running.  (Apple has never used this,
>saying it's there for emergencies.)  I don't think Android has an equivalent
>mechanism, and it certainly wouldn't work for stuff installed from alternative
>stores.

X.509 doesn't handle this situation by design.  More than a decade ago a
neverValid revocation flag to handle this type of situation was proposed and
rejected because That's Not How PKI Is Supposed To Work:

  we cannot allow a status which implies 'please unwind all transactions using
  this certificate, the purchaser must return the goods and a refund will be
  issued' as this removes all the certainty which PKIX is trying to provide.

PKI provides absolute certainty, dammit, and to have any kind of facility that
even hints otherwise is heresy.

Peter.

