I will cop to being confused about the Linux situation--I thought some issue had been identified for one of the distros.

At this point, please allow me to take a step back and try to articulate my current views on removing the code sign trust bit:

1. Impacts to specific products:  I had hoped that by now we'd be able to point to specific products that would be negatively impacted by removing the code signing bit. For those CAs who've requested this trust bit be turned on for their roots, do they have customers who want/need it? Are CAs just looking to improve their marketing? Even if we don't hear from product developers it would be nice to hear something from a CA about their wants/needs on this.

2. Loss of visibility/consistency/input:  If Mozilla decides to exit the code signing world, the security community loses a place to share experiences, establish policies, discuss and evaluate bad acts and bad actors, and so forth--all the little things that I think are to the benefit of the TLS world. Perhaps a new venue would be set up (or is already set up?) but only time will tell if it happens and how well it works.

3. Signature compromise and code revocation:  As most in this forum already understand, revoking something is sometimes as difficult as issuing it in the first place, and this is equally true for code signing as TLS (perhaps more so?). All code signing approaches have their drawbacks in this regard so the point is not to advocate for any particular solution so much as it is to acknowledge that the problem exists. In a way this is a follow-on to the previous item (where will we talk about revocation issues?) but I wanted to call it out separately.

It seems most people want to free Mozilla of code signing--I get it. That said I do wonder how the landscape will look after it's removed. Best case: a new entity steps in. Worst case: we find ourselves facing a bad situation with no good options--maybe another DigiNotar or a Stuxnet?

From: Matt Palmer
Sent: Wednesday, October 7, 2015 12:40 AM

On Tue, Oct 06, 2015 at 01:05:52PM -0500, Peter Kurrasch wrote:
> Actually, what is the plan for Linux after the code signing trust bit is
> dropped?

What would change, such that Linux would have to make plans?

- Matt

dev-security-policy mailing list
