1996-03-23 - Re: Digital Signature Inititiative

Header Data

From: Alan Olsen <alano@teleport.com>
To: pdx-cypherpunks-l@teleport.com
Message Hash: 496aa1ab565a8d34b213d86ce1e620bdad93d6f421ff515e934bb9ea5dea650a
Message ID: <2.2.32.19960323011508.0092e328@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-03-23 06:20:52 UTC
Raw Date: Sat, 23 Mar 1996 14:20:52 +0800

Raw message

From: Alan Olsen <alano@teleport.com>
Date: Sat, 23 Mar 1996 14:20:52 +0800
To: pdx-cypherpunks-l@teleport.com
Subject: Re: Digital Signature Inititiative
Message-ID: <2.2.32.19960323011508.0092e328@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


I am glad to see this clarification on the signature policy.  (Sorry for the
paranoia, but I have reasons to be wary of plans made in Redmond...) 

The article that I quoted in the first post was quite misleading as to a
number of points.  (Which is why I should not believe things written in one
page articles, but that is another point...) With the author's credentials,
I would have expected a wee bit more accuracy (or clarity).

I do have a number of comments on what you posted, however...

At 04:04 PM 3/22/96 -0800, Stuart Theodore wrote:
>Good afternoon,
>
>I am the program manager at Microsoft responsible for putting the
>digital signature program in place.   I am sending this mail in response
>to a recent mail string sent to these aliases appearing at the bottom. 
>
>To summarize some important points of the program:
>
>*  The program creates a certificate authority infrastructure which
>consists of thrid party non-software affiliated companies such as
>VeriSign and GTE who will act to grant certificates to allow code to be
>signed.   The policies defining who can be a certificate authority and
>what it means to be a trusted software publisher will be a matter of
>public policy(standard).  The point being that Microsoft does NOT
>control who can/cannot sign code.

This is a good thing.  (This was clarified after I posted by a developer who
had returned from an MS developers conference on Internet Apps.) It is also
nice to see that there will be more than one option of signing services.
Hopefully the policies will not be such as to shut out the small,
independant web designers/developers.

>*  This approach solves the problem of identity and integrity, and is
>viewed by MS as complementary to the sandboxing approach used by Java
>scripting, which we view to be incomplete and unsatisfactory by itself. 
>We believe that Java needs to sign platform dependent Java classes in
>addition to their sandboxing scheme.  

Actually it protects against mallicious code (for the most part), but not
against badly designed code.  I can see where improperly tested and designed
code could cause problems on host machines.  I have not seen anything that
makes OLE code more secure (or more stable) in the real world environment.
(Just lots of paperwork being signed that says "We will not use these powers
for Evil".)

With Java, there has been alot of work to make the language less subject to
abuse.  I have not seen anything in that regards involving OLE.

>*  The W3C is creating a working group in this area to develop standards
>around the policies mentioned in the first point, and the formats of the
>certificate and signature formats.  Microsoft is committed to making
>this a open, industry, x-platform standard...

This is a good thing.  And I hope that they release them to the rest of the
world before implementing them and releasing in a bunch of MS products.
(This is one of my big beefs with Microsoft.  I have seen a number of cases
where APIs are released to developers MONTHS after they appear in Microsoft
products.  Not cool.)

>* regarding the mac question - there already is a  version of Internet
>Explorer for the Macintosh, available for download at
>www.microsoft.com/ie. Microsoft is has already announced its committment
>to building cross-platform internet products.

I am glad to hear it.  Before this thread i had not heard of a Mac version.
(Maybe it is becuase my friends who use the Mac have dropped using any
Microsoft products.  Come to think of it, it was because of how Word for the
Mac implemented OLE...  (Among other things.))

>I would be happy to answer more questions you may have about this
>program, inluding proving more information.

The part that interests me about the signing of executables is not for
distribution over the web.  (I beleive that OLE is not abuse proof enough
for that yet.)  What I would like to see is an API (or internal routines) to
allow the app to check the signature opon loading and perform checks to
detect tampering within the executable.  This I see as a very useful thing,
mpore so than the web applications.  Is such a thing planned?

Also, is there a web page that has additional information/plans about this API?
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon







Thread