[cryptography] How are expired code-signing certs revoked?

Nico Williams nico at cryptonector.com
Fri Dec 9 17:28:00 EST 2011

On Fri, Dec 9, 2011 at 4:08 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> On Dec 9, 2011, at 3:46 18PM, Jon Callas wrote:
>> If it were hard to get signing certs, then we as a community of developers would demonize the practice as having to get a license to code.
> Peter is talking about stolen certs, which for most parts of the development
> community aren't a prerequisite...  But there's an interesting dilemma here
> if we insist on all code being signed.
> Assume that a code-signing cert costs {$,€,£,zorkmid}10000/year.  Everyone but
> large companies would scream.  Now assume the cost is {$,€,£,zorkmid}.01/year
> or even free.  At that price, it's a nuisance factor, and would be issued via
> a simple web interface.  Simple web interfaces are scriptable (and we all know
> the limits of captchas), which means that malware could include a "get a cert"
> routine for the next, mutated generation of itself.  In fact, they're largely
> price-insensitive, since they'd be programmed with a stash of stolen credit
> cards....

This strengthens the argument for digital signatures as a means of
providing upgrade continuity and related application grouping /
isolation, as in the Android model.  No need for a PKI then, no need
to pay for certificates.

In the Android model it shouldn't matter that malware might be signed.
 What should matter is that malware should not be able to gain control
of the device or other user/app data on that device, and, perhaps,
that the user not even get a chance to install said malware, not
because the malware's signatures don't chain up to a trusted CA but
because the "app store" doesn't publish it and the user uses only
trusted app stores.  Neither of the last two is easy to ensure though


More information about the cryptography mailing list