Disagree. It’s a massive difference in attack surface.
Replying to @rmhrisk @carrickdb and
Yep, I guess we do disagree on this. I don't see a significant difference in attack surface to build and package signing infra, which already regularly gets popped and that's good enough to defeat FDE today. Where do you see the difference?
1 reply 0 retweets 0 likes -
Replying to @taviso @carrickdb and
Show me Apple, Google or Microsoft signing infra getting popped regularly and maybe I’ll believe you that it is a regular occurrence in related systems. Even then layering the changes to accommodate frequency of access and associated authentication problems is massively different.
1 reply 0 retweets 1 like -
Replying to @rmhrisk @carrickdb and
I don't follow, Microsoft build infra was just recently popped?
1 reply 0 retweets 0 likes -
Replying to @taviso @carrickdb and
I’m not familiar with the details of that incident so I can’t comment but your word was “frequently” not “once”.
2 replies 0 retweets 0 likes -
Replying to @rmhrisk @carrickdb and
It's happened at Adobe multiple times, as well as Debian and Red Hat. It only happened at DigiNotar once, but you use that example, no?
2 replies 0 retweets 0 likes -
Replying to @taviso @carrickdb and
CA compromise is far more common than DigiNotar; it’s only the case that ended up as front page with research papers. But comparing Authenticode key compromise to OS signing infra compromise is
to
.1 reply 0 retweets 0 likes -
Replying to @rmhrisk @carrickdb and
I don't know if CA compromise is more common than build server compromise, I think it might be close. I agree it's different, but the point is both would be good enough to defeat FDE, do we agree on that?
1 reply 0 retweets 0 likes -
Replying to @taviso @carrickdb and
I don’t think so; you seem to be operating on a misconception of how these systems work today; I’m happy to agree that if they reduced the security of these keys and their use to match your understanding then yes.
1 reply 0 retweets 0 likes -
I’m also happy to say that keys used for authenticating patches, loaders and other sensitive components are at least if not more important than CA keys.
1 reply 0 retweets 0 likes
I think I understand it pretty well and you might be disappointed, but let's hope I'm wrong