Code Signing Can Be Trusted (but not blindly)

Wed, 08 Apr 2009

Ben Laurie, who certainly knows security, and is a top bloke for the work he has done on FreeBMD, posted yesterday on why signatures don’t provide assurance of trustworthiness or quality.

I have to respectfully disagree on this.  The context is the W3C widget signing specification, and the wording in that spec that is at issue is:

Widget authors and distributors can digitally sign widgets as a trust and quality assurance mechanism.

If third-party CAs issue code signing certificates to widget authors, and the device trusts the widget authors’ signatures, then I agree it won’t assure either trustworthiness or quality.  I think that’s the model Ben is criticising (as in Microsoft Authenticode) and I agree with him so far as that goes.  There is, however, an alternative model which is the one that Symbian Signed has been successfully using for the past several years: the device doesn’t trust the developer’s signature, but the developer submits their signed application to a certification programme, which enforces acceptance criteria before re-signing the application with a different signature that is trusted by the device.

You can of course argue with the specific acceptance criteria, but surely this model can theoretically provide assurance of trustworthiness or quality, and the W3C widget signing spec can be used with that sort of signing scheme.
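To make the two-key model concrete, here is an added toy simulation of that flow; it is not code from this post, from Symbian Signed, or from the W3C spec. It stands in Lamport one-time signatures (SHA-256 only, so it runs with the standard library) for the real certificate-based signatures, uses a constructed list of allowed capabilities as the "acceptance criteria", and all names (`certification_programme`, `device_install`, the package format) are hypothetical. The point it shows is the one argued above: the device's trust anchor is the programme's key, not the developer's, so a developer-signed package installs only after the programme has checked it and re-signed it.

```python
"""Toy model of the 'certification programme re-signs' code-signing flow.

Signatures use a Lamport one-time scheme over SHA-256 so the example needs
only the standard library; a real programme would use X.509 certificates.
Each key here signs exactly once, because Lamport keys are one-time.
"""
import hashlib
import os

DIGEST_BITS = 256

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def message_bits(message: bytes):
    d = sha256(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(DIGEST_BITS)]

def lamport_keygen():
    """Secret key: 256 pairs of random preimages; public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(DIGEST_BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, message: bytes):
    """Reveal one preimage per digest bit (one-time use only)."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]

def lamport_verify(pk, message: bytes, signature) -> bool:
    if len(signature) != DIGEST_BITS:
        return False
    return all(sha256(signature[i]) == pk[i][bit]
               for i, bit in enumerate(message_bits(message)))

# Constructed acceptance criterion: capabilities the programme will certify.
ALLOWED_CAPABILITIES = {"NetworkServices", "ReadUserData", "WriteUserData"}

def package_payload(name: str, version: str, capabilities) -> bytes:
    """Canonical bytes covered by both signatures (hypothetical format)."""
    return f"{name}|{version}|{','.join(sorted(capabilities))}".encode()

def developer_submit(dev_sk, dev_pk, name, version, capabilities):
    """The developer signs the package with their own key and submits it."""
    payload = package_payload(name, version, capabilities)
    return {"payload": payload, "capabilities": set(capabilities),
            "dev_pk": dev_pk, "dev_sig": lamport_sign(dev_sk, payload)}

def certification_programme(cert_sk, submission):
    """Verify the developer signature, enforce acceptance criteria, re-sign.

    Returns the re-signed package, or None if the submission is rejected."""
    if not lamport_verify(submission["dev_pk"], submission["payload"],
                          submission["dev_sig"]):
        return None  # tampered or mis-signed submission
    if not submission["capabilities"] <= ALLOWED_CAPABILITIES:
        return None  # fails the programme's acceptance criteria
    return dict(submission, cert_sig=lamport_sign(cert_sk, submission["payload"]))

def device_install(trusted_cert_pk, package) -> bool:
    """The device trusts only the programme key; a developer signature alone never suffices."""
    cert_sig = package.get("cert_sig")
    return cert_sig is not None and lamport_verify(
        trusted_cert_pk, package["payload"], cert_sig)

def run_scenarios():
    cert_sk, cert_pk = lamport_keygen()   # programme key; public half ships on devices
    dev1_sk, dev1_pk = lamport_keygen()
    dev2_sk, dev2_pk = lamport_keygen()
    ok = developer_submit(dev1_sk, dev1_pk, "weather-widget", "1.0", ["NetworkServices"])
    certified = certification_programme(cert_sk, ok)
    greedy = developer_submit(dev2_sk, dev2_pk, "flashlight", "2.3",
                              ["NetworkServices", "AllFiles"])
    rejected = certification_programme(cert_sk, greedy)   # never reaches re-signing
    # Constructed tamper case: payload altered after the programme signed it.
    tampered = dict(certified, payload=package_payload("weather-widget", "1.0", ["AllFiles"]))
    return {
        "developer_sig_only_installs": device_install(cert_pk, ok),
        "certified_installs": device_install(cert_pk, certified),
        "over_privileged_certified": rejected is not None,
        "tampered_after_certification_installs": device_install(cert_pk, tampered),
    }

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The developer signature still matters in this model, but only to the programme: it binds the submission to the developer and lets the programme detect a package altered in transit before it vouches for it. What the device checks is solely the programme's signature, which is why the acceptance criteria, rather than the developer's identity, are what the installed-signature actually attests to.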

Many Eyes and Security Incentives

Wed, 01 Apr 2009

[sorry this ended up being so long, I couldn’t see a good way to split it into smaller posts!]

I am often asked whether I think that publishing the complete source code to the Symbian Platform will result in more security vulnerabilities being exploited by the “bad guys” (Internet fraudsters, malware writers, software pirates, etc.)

The short answer to that is: No. I’m confident that the advantages of collaborative open source development will more than outweigh any disadvantages of potential attackers getting easier access to the implementation details of the Symbian OS security mechanisms. There is however a longer answer explaining why I think that, which is what I’d like to share in this blog post.