
There is a way. Allow at least one more certification authority. Let, say, Verisign sell code signing certificates for OS X. This will ensure that Apple is not the only party in control of which software runs on Macs.

I have the third option, but I will also have to explain this option to the users of my software. Plus, the option is not granular -- it seems like you cannot disallow all unsigned software, but make exceptions.



This feature would not be better if the sewer vampires that run the SSL CAs got to control it.


What moral argument are you using where Apple comes out on top and SSL CAs don't?


Is that a serious question?

Here, let's try just one response and you just (safely) assume that it stands in for a myriad of other similarly horrible issues:

Likelihood that Apple will sell its CA root key to an unnamed Fortune 500 company under NDA to make some kind of software rollout problem simpler for them at the expense of the security of every Mac computer in the world? Zero.

Likelihood that an SSL CA will, after sucking the intestines out of a freshly killed puppy dog using its razor sharp SSL CA proboscis, sell its CA root key to an unnamed Fortune 500 company under NDA to make some kind of software rollout problem simpler for them at the expense of the security of every Mac computer in the world? Not zero. Not close to zero.


1. Will it prevent Apple from controlling which software runs on Macs? Yes.

2. Will the code signing scheme be more vulnerable to malware because of the third-party CA? _____ (fill in)


   2. ___ YES ___


I agree. But it's still better than letting Apple be the only CA. Would you like to have a single CA for TLS?


Huh? It is the opposite of better.


> Let, say, Verisign sell code signing certificates for OS X.

How many security breaches has Verisign had? Allowing 3rd party authorities to issue certificates would simply weaken the security that the feature provides. Moreover, it would mean that Apple cannot revoke the certificates, defeating the entire point of the feature.

> it seems like you cannot disallow all unsigned software, but make exceptions.

That would be a pretty broken feature. The only ways for OS X to handle that would be for it to say "screw it, I don't care what's in this specific directory, you can run it", which means that the directory becomes a vector for malware, or to disallow updating the directory once you exclude it, so that the OS can be sure that what you allowed is actually what's running. Both of these are pretty terrible options.
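The second option above (freeze the excepted directory so the OS can be sure that what was allowed is what actually runs) sketched as an added Python example; this is not code from the thread or from Apple, and the file names, the in-memory manifest and the `is_allowed` policy function are constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(directory: Path) -> dict:
    """Snapshot every regular file under the excepted directory at grant time."""
    root = directory.resolve()
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def is_allowed(target: Path, directory: Path, manifest: dict) -> tuple:
    """Allow an unsigned executable only if it was present, and unchanged, when the exception was granted."""
    root = directory.resolve()
    real = target.resolve()  # follows symlinks and collapses '..' before the containment check
    try:
        rel = str(real.relative_to(root))
    except ValueError:
        return (False, "outside the excepted directory")
    if rel not in manifest:
        return (False, "added after the exception was granted")
    if not real.is_file() or sha256_of(real) != manifest[rel]:
        return (False, "modified after the exception was granted")
    return (True, "unchanged since the exception was granted")

def demo() -> dict:
    """Constructed scenario: grant an exception, then tamper with the directory."""
    d = Path(tempfile.mkdtemp())
    (d / "tool.sh").write_bytes(b"#!/bin/sh\necho ok\n")
    manifest = build_manifest(d)
    before = is_allowed(d / "tool.sh", d, manifest)
    (d / "tool.sh").write_bytes(b"#!/bin/sh\necho tampered\n")  # file replaced in place
    (d / "dropped.sh").write_bytes(b"#!/bin/sh\necho new\n")    # new file appears later
    return {
        "original": before,
        "replaced": is_allowed(d / "tool.sh", d, manifest),
        "dropped_in": is_allowed(d / "dropped.sh", d, manifest),
        "outside": is_allowed(d.parent / "other.sh", d, manifest),
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:>10}: {decision}")
```

The manifest makes the exception granular: only the files that were reviewed run, and a replaced or dropped-in file in the same directory is refused rather than inheriting the exemption.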



