echo: nthelp
to: Antti Kurenniemi
from: Rich
date: 2006-09-08 09:59:52
subject: Re: Code signing

   You can either give users a choice or not. Someone will complain either
way. There is no single best answer. In the scenarios where code signing
applies, if the signature is valid it is intended for the user to make his
own choices. This is not a safe vs. unsafe choice where you might be able to
excuse bias toward the safe option.

Rich

  "Antti Kurenniemi" wrote in message news:45019edc{at}w3.nls.net...

  I didn't mean that signing is not necessarily untrustworthy, I mean that
  implementing Yet Another Thingamajick Everyone Should Understand is *not* an
  improvement in security because who the hell can keep up with all these
  things? The more "security improvements" there are that require the end user
  to understand and make decisions, the less they help security. For example,
  take a look at the Windows Update website: if you have the IE download
  blocker enabled, the website displays very friendly and helpful information
  about how to disable it and download the file. Nice and helpful, yes? No, it
  totally and utterly sucks, because it requires the user to have a grasp of
  reality and understand *why* there is such a thing as a download blocker,
  and *why* this particular site should be allowed to bypass it, and so on. I
  bet more than half the users could be simply informed how to do the same and
  install any worm or virus in the world, as long as the website had as easy
  to follow information.

  The answer to security is not to require the user to make every choice,
  that's only shifting the problem from the producer to the consumer.


  Antti Kurenniemi
  (no, I don't know what *is* the answer, and even if I did I'm too drunk to
  write much more now)

  "Rich"  wrote in message news:4500ee78$1{at}w3.nls.net...
     No. You look at the signing certificate to see if you trust both the
  signing party and the certification path. If you do not, do not trust the
  signed entity. If something is not signed, you don't have even this option.
  How do you choose what to trust?

     The average Joe relies on the identity of the signing party alone and
  assumes that the certification authorities that are not distrusted have been
  vetted.

     In practice, have you ever known this to be a problem with signed code?
  How much actual malware do you hear of that is signed? I can't think of any
  that wasn't some PR stunt by someone that signed a demo which he released
  under his own name anyway.

  Rich

    "Antti Kurenniemi" wrote in message news:450054c1{at}w3.nls.net...

    The concept of "signed" executables / activex / whatnot makes me want to
    slap someone every time I see it mentioned. Yeah, sure, it's signed - now
    what? Should I visit Redmond to ask someone if they really signed this, or
    if this is just a trick - a message box saying this executable is signed?
    The rate at which these new "improvements" keep popping up is such that no
    average Joe can ever really know if he's being fooled or if it really is
    legit...


    Antti Kurenniemi




--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com
