[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31

From: Peter Gutmann <pgut001 at cs.auckland.ac.nz>
To: benl at google.com, tlr at w3.org
Cc: art.barstow at nokia.com, Frederick.Hirsch at nokia.com, saag at ietf.org
Date: Tue, 07 Apr 2009 01:47:35 +1200
In-reply-to: <1b587cab0904060608x14ccee52g2d16c4e780f8cd5 at mail.gmail.com>

Ben Laurie <benl at google.com> writes:

>I find it pretty annoying that signing widgets is described as a "trust and
>quality assurance mechanism".

It's a valid comment though.  A large-scale study (from Microsoft's malware
research group) has shown that the majority of CA-certified signed malware is
in the "severe" or "high-risk" category.  So seeing a signature on malware
provides a high level of trust that this is the high-quality stuff you're
seeing and not some cheap knockoff.

Peter.

Follow-Ups:
- Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31
  - From: Ben Laurie

References:
- Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31
  - From: Ben Laurie

Prev by Date: Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31
Next by Date: Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31
Previous by thread: Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31
Next by thread: Re: [saag] Fwd: [widgets] New WD of Widgets 1.0: Digital Signatures spec published on March 31
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.