----- Original Message ----- 
From: "David Phillips" <david at acz.org>
To: "TCLUG Mailing List" <tclug-list at mn-linux.org>
Sent: Tuesday, December 30, 2003 10:09 AM
Subject: Re: [TCLUG] Secure Computing - The end of Linux?


> Mark Browne writes:
> > The possibility for Microsoft mischief boggles the imagination. As it
> > is now, getting things signed is enough to drive a sane person around
> > the bend. Imagine having to do this for every compile you make. Ask
> > anybody who has to work with Verisign on a regular basis - does
> > "Security set you free"?
>
> Getting things signed now is not difficult.  You buy a code signing
> certificate from VeriSign or Thawte and can sign whatever you want.  I
don't
> imagine that they'll do things any differently.  There will likely also be
> test certificates, to let you run code on your local machine.
>
> It is extremely unlikely that the PC will go the route of the Xbox.  And
> even that was cracked.

I don't think that this will work out as well as you indicate.

So I download an ISO and put it on my computer for free. I start writing
code. Life is good!

Then I have to *buy* a code signing certificate. What will this cost? Who
will regulate the issuance of these certificates?

Will I have to have a fixed home address to be allowed to get a certificate?
If not - can I use a stolen credit card to purchase and download a
certificate from an internet cafe? How will this provide trusted security?
The only way to prevent certificates from becoming the equivalent of post-it
notes next to the screen is draconian controls. Will this be any more secure
than passwords are now?

Will every programming student have to buy one of these certificates to
start their programming career? Will this be the same as a government issued
license to program?

Some of this seems to be at odds with the current nature of the open source
environment.

Mark Browne





_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list