On 9 Dec, 2011, at 9:15 PM, Peter Gutmann wrote:

> Jon Callas <j...@callas.org> writes:
> 
>> If it were hard to get signing certs, then we as a community of developers
>> would demonize the practice as having to get a license to code.
> 
> WHQL is a good analogy for the situations with certificates, it has to be made
> inclusive enough that people aren't unfairly excluded, but exclusive enough
> that it provides a guarantee of quality.  Pick any one of those two.
> 
> (I have a much longer analysis of this, a bit too much to post here, but
> there's a long history of vendors gaming WHQL and the certifiers looking the
> other way, just as there is with browser vendors looking the other way when a
> CA screws up, although in the case of hardware vendors the action is
> deliberate rather than accidental).

Sure, and that's why the assurance system and the signatures have to be tied 
together and the incentives have to be aligned. In a software market where the 
app store itself is doing the validation, doing the enforcement, signing the 
code, and taking the responsibility for both delivering the software and 
backfilling the inevitable errors, you'll see the *system* lower malware. But 
even in that, it's the system that's doing it, not digital signatures. The 
signatures are merely the wax seals. The quality system has to be built to 
create and deliver quality. That is the sine qua non of this whole thing.

I think we agree that trying to build quality by giving certificates to 
developers is a fantasy at best.

        Jon

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
