[sldev] OpenID & SSL certificates

Argent Stonecutter secret.argent at gmail.com
Mon Oct 1 19:38:24 PDT 2007


On 01-Oct-2007, at 20:09, Ryan McDougall wrote:
> Most Linux distros ship SELinux enabled.

That's nice. Look, I've been working with "better than C2" UNIX for  
decades, and none of them implement the kind of mandatory access  
control at every level that I'm talking about here. The closer they  
get the more of a pain in the ass they are. Maybe one percent of the  
people even running SL on Linux are going to bother, and they're the  
people who least need it, because Linux users (let alone paranoid  
Linux users) aren't the kind of people likely to get phished in the  
first place.

> While you're definitely right, there is more than one way to attack a
> crypto binary from a compromised SL viewer,

If you have a compromised SL viewer you don't have to attack  
anything. You already have the golden ring, you've won. The goal here  
is not protecting the cryptosystem, it's protecting the viewer. The  
big sloppy viewer that's using a couple of dozen big sloppy shared  
libraries. Once the bad guy has ANY compromised software on your  
computer, the viewer is dead meat.

So that's the trick. How do you protect the viewer? Well, one, you  
don't require people to run any other big sloppy GUI applications to  
use it. Like, you know, a browser?

So...

This doesn't solve the problem that's important to solve, it just  
makes it worse, by bringing in a previously unnecessary component...  
without actually making the viewer itself any more resistant to  
compromise.

You haven't put up another door in front of the valuables, you've  
knocked a hole in the wall NEXT to the door that's already there, and  
put a really secure door up in its place.

