Re: Device Guard Windows 10

> Basically, you “attest” (that is “certify formally”) that the driver works, and if it doesn’t work, you “attest” that you’ll fix it.

I don’t think that’s really the purpose of attestation signing, I think it’s to be able, if some piece of code does something hostile, to track down WHO that code came from. You attest that YOU are responsible for the bits in that driver. A side effect is virus writers don’t exactly want their legal address attached to their virus via a digital signature, they want to be anonymous. Even from a serious bug point of view, if you can’t track down who the developer of the buggy code is, it’s hard to get them to do something about it.

It’s like you register your car and get a license plate, which does not guarantee the drivers of that car will not be reckless, but if that car is seen doing something reckless, they have a much better chance of a starting point for an investigation.

Jan

Jan Bottorff wrote:

> Basically, you “attest” (that is “certify formally”) that the driver works, and if it doesn’t work, you “attest” that you’ll fix it.
> I don’t think that’s really the purpose of attestation signing, I think it’s to be able, if some piece of code does something hostile, to track down WHO that code came from. You attest that YOU are responsible for the bits in that driver. A side effect is virus writers don’t exactly want their legal address attached to their virus via a digital signature, they want to be anonymous. Even from a serious bug point of view, if you can’t track down who the developer of the buggy code is, it’s hard to get them to do something about it.

Nope. That was the purpose of the ORIGINAL driver signing requirement,
and that’s a justification that I can understand. But with attestation
signing, you don’t have to put your own signature in the package at
all. You have to have a WHQL account, and creating that account
required a certificate, but an attestation-signed package need not have
any signature besides Microsoft’s.

> It’s like you register your car and get a license plate, which does not guarantee the drivers of that car will not be reckless, but if that car is seen doing something reckless, they have a much better chance of a starting point for an investigation.

Attestation signing is more like driving a rental car. The license
plate belongs to Avis. I have attested to Avis that I will drive
responsibly, but Avis has to trust that I am who I said I was.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Since Microsoft does the attestation signing, and that signing is associated with your WHQL account, Microsoft knows exactly who claims to be responsible for that code. Every signature has a unique serial number (a signature is the encryption of a hash with the signer’s private key), which I’m sure Microsoft records as part of the signing process. The attestation signing essentially makes the originator private to the public, but known by Microsoft.

Jan

On 2/27/17, 10:29 AM, “xxxxx@lists.osr.com on behalf of Tim Roberts” wrote:

> You have to have a WHQL account, and creating that account
> required a certificate, but an attestation-signed package need not have
> any signature besides Microsoft’s