From: (Anonymous)
Repeatedly:

There will be a market of signed loaders, with the person whose code was submitted either non-existing or not knowing anything about it.

Ok, maybe you have ruled out to some extent (literally) "non-existing", I agree that there are obstacles. The second possibility may be weaker in chain: it is enough to compromise a signing system in any way just as systems are compromised nowadays, including but not limited to "I do not know who used my system to sign this" being a fake statement, which is really hard to prove. It does not take a lot of money to register a SomeName Ltd., use that for credentials and go bankrupt. Are you certain that in all countries this scheme will swiftly end in criminal prosecution? The TCO is not much higher than the fee for WinQual.

At best the thing will slightly modify the dynamics. If a system gets hacked using such a loader one can assume they have not been hacked by kids but by more serious guys - what a consolation.

I am not arguing that this is not an obstacle - I just don't buy any marketing hype that this is cryptographically secure when it is not, and it is not because almost anyone can have a loader with a genuine signature (genuine is the right word here, right?).

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. [personal profile] mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
