There are many things about code signing that I don't think I understand.
I think that code-signing is a good thing, and that all things being equal,
code-signing is a good thing, and that code should be signed.
However, there seems to strange, mystical beliefs about it.
As an example, there's the notion that if you have signed code and you revoke
the signing key (whatever revoke means, and whatever a key is) then the
software will automagically stop working, as if there's some sort of quantum
entanglement between the bits of the code and the bits of the key, and
invalidating the key therefore invalidates the code.
This seems to me to be daft -- I don't see how this *could* work in a general
case against an attacker who doesn't want that code to stop working (and that
attacker could be either a malware writer or the owner of the computer). I can
see plenty of special cases where it works, but it is fundamentally not
reliable and a security system that wants to stop malware or whatever by
revoking keys is even less reliable because we now have three or four parties
(malware writer, machine owner, certifier, anti-virus maker).
It also seems to me that discussions on this list hit this situation from two
strange directions. One is the general sneering at the daft belief. The other
is continuing to discuss it. I don't care who is using it (even effectively);
we're all smart enough to know both that DRM cannot work, and yet there are
users of it that are happy with it. Whatever.
Slightly tangential to this is a discussion of expiration of signing keys. In
reality, they don't expire. Unless you you make a device that can be
permanently broken by setting the clock forward (which is certainly possible,
merely not desirable), then expiry can be hacked around. The rough edge of what
happens to code that expires while it is executing generalizes out to a set of
other problems that just show that in fact, you can't really expire a code
signing key any more than you can revoke it -- that is to say there are many
edge conditions in which it works and many of these are useful to some people
and some circumstances, but in the general case, it doesn't and cannot work.
But that doesn't mean that code signing is a bad thing. On the contrary, code
signing is very useful because you can use the key, the signature, or the hash
as a way to detect malware and form a blacklist, as well as detect software
that should be whitelisted.
Simply stated, an anti-malware scanner can detect (and remove) a specific piece
of malware by the simple technique of comparing its signature to a blacklist.
It can compare a single object's hash to a list of hashes and that only
requires the scanner to hash the code object; this catches the simple case of
malware that is merely re-signed with a new key. It also permits it to do more
complex operations than a simple hash (like hashing pieces, or hash at
different times) to identify a piece of malware. It can also use the key to
detect whole classes of malware (or good-ware).
Code signing is good because it gives the anti-malware people a set of tools
that augment what they have with some easy, fast, effective ways to categorize
software as known goods or known bads.
But that's it -- you don't get the spooky action at a distance aspects that
some people think you can do with revocation. You get something close, if you
feed the blacklist/whitelist information to whatever the code-scanner is.
Nonetheless, this answers how you deal with signed malware (once it's known to
be malware, you stop it via signature), or bogus 512-bit signing keys (just
declare anything signed by such to either be treated as malware or as unsigned).
So am I missing something? I feel like I'm confused about this discussion
because *of* *course* you can't revoke a key and have that magically transmit
to software. Perhaps some people believe that daft notion and have built
systems that assume that this is true. So what? Maybe it works for them. The
places where it doesn't work aren't even interesting. Perhaps observing when
this daft notion meets the real world is helpful as an object lesson. Perhaps
it works for *them* but not *us*.
But really, I think that code signing is a great thing, it's just being done
wrong because some people seem to think that spooky action at a distance works
with bits.
Jon
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
