
RE: [Asrg] DCC and IP checksums



> From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

> ...
> The design of the code signing services was to ensure that code
> obtained through the web was at least as trustworthy as code bought
> in a shrinkwrap box in a store. It was not to eliminate all possible
> risks.
> ...

Requiring that the signature on the new version of the code match the
signature on the original from the shrinkwrap box would be a significant
and radical improvement on the ActiveX model and what I understood Phillip
Hallam-Baker to be proposing.  As I understand ActiveX, essentially any
code signed by any vendor recognized by Microsoft and marked "safe" by
the vendor is allowed free rein to do whatever it wants.

However, I don't see how to allow Vendor X to change only bits that
have been previously signed by Vendor X except with something that
sounds like a special case of "sandbox."


Vernon Schryver    vjs@rhyolite.com

P.S.  I would like to apologize to the list about my previous message.
 I didn't realize I was replying to a message from the list until
 after I'd hit the switch.

P.P.S.  "Fraud" is too strong for ActiveX if you cannot conceive of
 any network except a centrally controlled corporate net where there
 are very few naive over-the-wire security threats and where
 whatever the central controllers want to do to other systems is
 kosher.  I'm sure I'm not the only one who has asked/warned users
 equivalents of "this virus will aid the maintenance of your system"
 before Microsoft had heard of IP or thought of ActiveX or auto-update.
 Hooks to add and remove cron scripts and other things can ease a lot
 of transitions and deployment hassles.  Outside controlled corporate
 networks such things are worse than frauds.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg