Ram A Moskovitz <[EMAIL PROTECTED]> writes: >On 11 May 2005 11:55:01 GMT, Peter Gutmann <[EMAIL PROTECTED]> wrote: >> That's addressing entirely the wrong threat model. The problem with ActiveX >> controls isn't (apart from one or two proof-of-concept ones) someone creating >> a malicious signed control (or FF plugin, or whatever). The problem is the >> bad guys exploiting holes in controls created by others. Signed, unsigned, >> doesn't make any difference to the attacker. While requiring signed plugins >> will protect you from anyone whose money the CA refuses to take or anyone who >> can't figure out how to exploit one of the 1,001 other plugins out there, it >> doesn't do much more than that. Under that threat model, it's simply not >> worth the cost of handling revocation checking. > >Why can't revocation be used to prevent further distribution of dangeriously >flawed software as well as malicious software? How about disabling the use of >the software?
How will you know which plugin(s) to disable? How will you prevent yourself from being sued by the creators of the plugin(s), who haven't violated the CA's TOS and therefore have no basis for having their plugins revoked? Peter. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
