Some people call Linus Torvalds "rude". I call him "honest".

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Wed Feb 27 16:00:43 UTC 2013


On Wed, Feb 27, 2013 at 12:07:46AM -0500, D. Hugh Redelmeier wrote:
> What's "like this"?
> 
> Opinionated?  Yes.
> 
> Strongly stating his opinion?  Yes.
> 
> Right?  Usually.
> 
> Using crude/rude words and analogies?  Yes, I think so.  I suspect
> that it is cultural rather than idiosyncratic.  I know a lot of others
> who talk like that but not so often in public venues.

Yeah, nothing new there.

> BTW, I strongly sympathize with his position.  I don't understand the
> issues deeply enough to see whether his position is impractical.
> 
> Microsoft really is at war with Linux.  Giving them the "keys to the
> kingdom" would seem quite foolish.  Better to force a new Linux-wide
> signing authority to be created.
> 
> Who needs this?  As far as I know, only publishers of distro-independent 
> closed-source Linux Kernel modules and firmware binary blobs, a dubious 
> category in itself.  And I would certainly not automatically/mechanically 
> trust a system with such drivers.  I guess we've lost the fight about 
> binary blobs.
> 
> X.509 certificates really are the industry standard and probably
> should be sufficient.  Each (signed) cert needs to declare its competence
> (i.e. what it is allowed to sign).  I don't know how you delegate a
> delimited driver-signing competency (but I haven't tried to find out).
> Perhaps Microsoft only signs PE binaries to avoid the issues of 
> delegation.

Well, Microsoft uses PE/COFF executables.  Linux (and most Unix systems)
use ELF.  Mac OS X is using Mach-O format.  Not much else is in common
use.

Of course EFI requires PE/COFF format for boot loaders and other files
that it executes.  Probably Microsoft's fault that it uses that.

> It's important to know the meaning of all signatures that could allow a 
> system to be considered "Trusted" by this mechanism.  If the meaning of 
> one signature is "this really came from a specific Yahoo email account", 
> and another means "I've formally verified that this module meets its 
> specs", and another means "The US government wants you to trust this", 
> what does that say about the trust of a system with all those?  The things 
> that are forbidden are the intersection of the complement of all those 
> claims, and a lot of bad things escape that.
> 
> Remember Microsoft's telling us we should trust ActiveX over the web?  
> After all, all ActiveX modules were signed.  But all that proved was that 
> Microsoft believed that the module it signed came from the source who had 
> paid a license fee and agreed to license terms.  No verification of the 
> code was involved.  Punishment for a discovered violation was loss of the 
> license AFTER THE FACT.  No sandboxing or any other technical control.  
> This went on for years.  Pathetic.

Yeah, signing didn't help anything there.

Also given the security disasters a few certificate authorities have
been...

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/