Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Code signing for anyone - it just does not make sense
Date: 2012-08-16 07:39 pm (UTC)
Microsoft will sign code for anyone. This cannot ever be secure. First, I don't buy the argument that they can track who signed it. There will be a market of signed loaders, with the person whose code was submitted either non-existing or not knowing anything about it.
So, Microsoft will blacklist them: when? When there is a known exploit? It seems a little late for a cryptographically "safe" feature. No one else has the list of keys that were signed. Maybe they will blacklist everything they sign except their own - there are two problems with that. Space overflow in blacklists will limit the count of keys they can sign. Second: this would mean that the Fedora shim loader would be useless.
My point is that the signing service will either be insecure - also for Fedora - or will be limited or will be terminated. I now value what you just described for making your own keys, otherwise the whole feature is pretty useless.