27 Nov
2007
27 Nov
'07
4:31 p.m.
On Nov 27, 2007, at 4:04 PM, Florian Weimer wrote:
* Jared Mauch:
Within the next 2 major software releases (Microsoft OS) they're going to by default require signed binaries. This will be the only viable solution to the malware threat. Other operating systems may follow. (This was a WAG, based on gut feeling).
The code signing CAs have never been subject to serious attack. It's unlikely that they are sufficiently robust for this scheme to work on a large scale.
One would hope that the CA's wouldn't be connected to an attack path... The revocation stuff should be distributable if it's not already.