
Re: Microsoft Authenticode key security




Bob Atkinson <[email protected]> writes:
> Actually, and sort of to the point, no, the keys never actually ever leave the
> BBN box, except as part of a backup procedure in which they are
> extracted in a doubly-encrypted form for which for security reasons you
> need the manufacturer's help in restoring.
> 
> To this day, no human or computer other than the box itself knows the
> key.

Yeah, but we can always just release a patch for Windows which makes
it check signatures made by "cypherpunks certification services".

As has been noted in previous discussions of CAPI (on this list),
there is room for different competing patched key signature services:
sign anything, sign only CAPI modules which don't involve GAK (key
escrow), sign modules for which source code has been examined and
provide a degree of assurance that the module is secure.  Charges
could be made for the CAPI rating, to the module provider, and to the
users of the rating service even (with non-transferable signatures).

Also, the BBN box might be overkill considering ActiveX -- the key
could probably be patched delivered maliciously by the unsuspecting
Windows user accessing a web page.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`