On 11 May 2005 11:55:01 GMT, Peter Gutmann <[EMAIL PROTECTED]> wrote:
> Jean-Marc Desperrier <[EMAIL PROTECTED]> writes:
> 
> >There's a bug about signing FF extension in bugzilla, that was closed
> >WONTFIX. There were some comments by the FF developers that digitally
> >signing ActiveX has not proved effective against spyware.
> >I agree with that but I maintain digital signing is still the solution
> >only with some additional measures, in one word making sure an
> >*effective* revocation framework is in place.
> 
> That's addressing entirely the wrong threat model.  The problem with ActiveX
> controls isn't (apart from one or two proof-of-concept ones) someone creating
> a malicious signed control (or FF plugin, or whatever).  The problem is the
> bad guys exploiting holes in controls created by others.  Signed, unsigned,
> doesn't make any difference to the attacker.  While requiring signed plugins
> will protect you from anyone whose money the CA refuses to take or anyone who
> can't figure out how to exploit one of the 1,001 other plugins out there, it
> doesn't do much more than that.  Under that threat model, it's simply not
> worth the cost of handling revocation checking.

Why can't revocation be used to prevent further distribution of
dangerously flawed software as well as malicious software? How about
disabling the use of the software?
