
still a few glitches in the system...

Posted Nov 20, 2012 21:35 UTC (Tue) by Wol (guest, #4433)
In reply to: still a few glitches in the system... by jcm
Parent article: Bottomley: Adventures in Microsoft UEFI Signing

But why bother wrapping it up AT ALL!

That's the point - it requires MS technologies for something that shouldn't need it. It's a bit like telling Ford owners that they can only buy their petrol from pumps on a Ford garage forecourt.

Why should I have to wrap the binary up, when they're simply going to unwrap it at the other end? If it was going by Royal Mail, I can see the point of wrapping it up in paper, but on the Intar-tubes?

Cheers,
Wol



still a few glitches in the system...

Posted Nov 20, 2012 22:17 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)

Probably for the same reason that people use cut&pasted code snippets from random sites to generate self-signed certs.

I.e. nobody freaking understands how this certificate crap works. Microsoft has a set of tools for cryptographic operations that hasn't changed much since the late '90s, and probably only a few engineers in Microsoft know how they work. Coincidentally, these tools prefer CABs for file containers.

still a few glitches in the system...

Posted Nov 20, 2012 22:39 UTC (Tue) by khim (subscriber, #9252)

I think you are overthinking things here. Microsoft uses CAB because CAB was designed for such use from the beginning.

The only question which can ever be asked is: why hasn't Microsoft switched to some other, non-proprietary format? And if you frame the question like this, then the answer is self-evident, isn't it?

still a few glitches in the system...

Posted Nov 20, 2012 22:35 UTC (Tue) by khim (subscriber, #9252)

> But why bother wrapping it up AT ALL!

My mother always said: don't ask stupid questions which you can answer yourself. I cannot believe I see this stupidity here on LWN.

> Why should I have to wrap the binary up, when they're simply going to unwrap it at the other end?

Think. That's kind of obvious.

P.S. And no, "wrapping is done to annoy Linux users" is the wrong answer. Wrapping is actually essential to the process. Why it's done using Microsoft's tools and not, for example, PGP is obvious.

A motherly request

Posted Nov 20, 2012 22:40 UTC (Tue) by corbet (editor, #1)

Can I play your mother for just a moment and suggest that calling people stupid is not the politest way to behave? We don't need to throw in that kind of gratuitous insult, really. Please?

A motherly request

Posted Nov 20, 2012 22:50 UTC (Tue) by khim (subscriber, #9252)

> Can I play your mother for just a moment and suggest that calling people stupid is not the politest way to behave? We don't need to throw in that kind of gratuitous insult, really. Please?

Sure. Just please explain where exactly I've implied that anyone here is stupid. Someone is obviously hasty, sure, but I'm pretty sure anyone (including Wol) can answer this question if they spend a few minutes thinking, which makes the question stupid, doesn't it?

A motherly request

Posted Nov 21, 2012 1:35 UTC (Wed) by davidescott (guest, #58580)

I have to say Wol's suggestion that it not be wrapped is, if not stupid, intentionally obtuse. It comes from the:
We hate Microsoft. Everything they do is evil. Unencumbered by the thought process.

Wol was given a very good example of how we do things differently from Windows and ignored it entirely. Are we to blame CYGWIN because it ships the underlying packages via RPM?

It's always going to be wrapped. Some wrappers are just more complex than others. Whether it be CAB or ASCII-armored, it's wrapped. The only way it would not be wrapped is if it were a (void *) pointer of a specified length, which isn't a practical way of transmitting the data to different hosts.

Microsoft chose the wrapper that made sense for them. I don't see how we can criticize them on that basis.

A motherly request

Posted Nov 21, 2012 8:46 UTC (Wed) by jcm (subscriber, #18262)

Indeed. There was a time when I thought it was just hilarious to misquote biblical verse implying Gates was some satanic figure, or just to hate on Microsoft on principle. I was a lot younger, and far more naive then. Now, I realize they're just a corporation in a business community that we are also part of, and we disagree on how one should go about implementing, distributing, and marketing software, and so on. But we should just accept that for a moment and ask ourselves if, from their viewpoint, any of this process is odd. To me, wrapping things in a CAB and so on sounds a lot like me saying "oh, just wrap it in an RPM..." and then having someone who prefers ipkg files complaining that I am doing something strange.

A motherly request

Posted Nov 21, 2012 9:38 UTC (Wed) by Wol (guest, #4433)

Well, actually, as I understood it we have a bootloader. A SINGLE file, which gets loaded and cryptographically checked. And if it's correct, it gets executed.

Seeing as we are asking for a single file to be signed, why can't we upload that file as itself, rather than an archive? It's all very well saying "MS should use an open packaging standard", but why - if it's just one file - does it need to be packaged at all?

If I'm sending stuff to my friends, it's usually single files, and I don't bother packing them.

Cheers,
Wol

A motherly request

Posted Nov 21, 2012 12:23 UTC (Wed) by khim (subscriber, #9252)

> Seeing as we are asking for a single file to be signed, why can't we upload that file as itself, rather than an archive? It's all very well saying "MS should use an open packaging standard", but why - if it's just one file - does it need to be packaged at all?

Sure, if you want to create a service which just signs random sequences of bytes without any verification, then this approach will work just fine - but this will kind of defeat the purpose: anyone will be able to sign any kind of junk in this case, thus you can just rip out the whole signature checking process: it'll be more honest, surely.

But of course Microsoft is not crazy: its process includes two parts (actually more, but it should include at least two). You've forgotten about a vital, yet extremely important part of the whole process: first we must make sure the file presented has actually come from a trusted source (from someone who's gotten the certificate and signed some papers), and then we need to sign it with Microsoft's key.

> Well, actually, as I understood it we have a bootloader. A SINGLE file, which gets loaded and cryptographically checked. And if it's correct, it gets executed.

That's for the second part of the process. The first part (which checks the credentials) is generic - as it should be (you should not invent new cryptoprocedures unless you must). And for that part a signed CAB makes perfect sense: this is a format designed for just such a use, after all!

> If I'm sending stuff to my friends, it's usually single files, and I don't bother packing them.

And how exactly do you prevent forgery in this case? You use PGP, S/MIME, or some other container format which adds the signature, don't you? Well, Microsoft prefers signed CAB for an obvious reason.
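The two-part process khim describes above (first verify that the wrapped submission came from a registered submitter, then unwrap the single file and sign it with the service's own key, which is the only signature the firmware ever sees) is sketched below as an added example. This is editor-written Go, not code from LWN, from the article, or from Microsoft's signing service; a zip archive stands in for the CAB, Ed25519 stands in for the Authenticode certificate machinery, and all names (`Submission`, `Submit`, `SigningService`, `FirmwareCheck`) and the bootloader bytes are constructed for the example.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Submission is the hypothetical "signed container": an archive that holds the
// single bootloader file, plus the submitter's signature over the archive bytes.
// A zip archive stands in for the CAB; Ed25519 stands in for Authenticode.
type Submission struct {
	Archive   []byte
	Signature []byte
}

// wrap puts one named file into a zip archive. The wrapper is what lets a
// name, a byte sequence and a signature travel together as one object.
func wrap(name string, payload []byte) ([]byte, error) {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, err := zw.Create(name)
	if err != nil {
		return nil, err
	}
	if _, err := w.Write(payload); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// Submit is the submitter's side: wrap the file and sign the wrapper with the
// key that was registered with the service when the paperwork was done.
func Submit(submitterKey ed25519.PrivateKey, name string, payload []byte) (Submission, error) {
	archive, err := wrap(name, payload)
	if err != nil {
		return Submission{}, err
	}
	return Submission{Archive: archive, Signature: ed25519.Sign(submitterKey, archive)}, nil
}

// SigningService is the service's side. Part one: refuse anything not signed
// by a registered submitter. Part two: unwrap the single file and sign the bare
// binary with the service key, which is the signature the firmware will check.
func SigningService(registered ed25519.PublicKey, serviceKey ed25519.PrivateKey, s Submission) (binary, serviceSig []byte, err error) {
	if !ed25519.Verify(registered, s.Archive, s.Signature) {
		return nil, nil, errors.New("rejected: container not signed by a registered submitter")
	}
	zr, err := zip.NewReader(bytes.NewReader(s.Archive), int64(len(s.Archive)))
	if err != nil {
		return nil, nil, err
	}
	if len(zr.File) != 1 {
		return nil, nil, fmt.Errorf("rejected: expected exactly one file, got %d", len(zr.File))
	}
	f, err := zr.File[0].Open()
	if err != nil {
		return nil, nil, err
	}
	defer f.Close()
	binary, err = io.ReadAll(f)
	if err != nil {
		return nil, nil, err
	}
	return binary, ed25519.Sign(serviceKey, binary), nil
}

// FirmwareCheck is the boot-time side: one file, one signature, one trusted key.
// Nothing about the submitter or the container survives to this point.
func FirmwareCheck(servicePub ed25519.PublicKey, binary, serviceSig []byte) bool {
	return ed25519.Verify(servicePub, binary, serviceSig)
}

func main() {
	subPub, subPriv, _ := ed25519.GenerateKey(rand.Reader)
	svcPub, svcPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, impostorPriv, _ := ed25519.GenerateKey(rand.Reader)

	// Constructed stand-in for the bootloader image.
	s, _ := Submit(subPriv, "bootloader.efi", []byte("constructed bootloader image"))
	bin, sig, err := SigningService(subPub, svcPriv, s)
	fmt.Println("registered submitter, error:", err, "firmware accepts:", FirmwareCheck(svcPub, bin, sig))

	bad, _ := Submit(impostorPriv, "bootloader.efi", []byte("anything at all"))
	_, _, err = SigningService(subPub, svcPriv, bad)
	fmt.Println("unregistered submitter, error:", err)
}
```

The split matters for the threat model: the container signature is checked once, by the service, against a key it registered out of band, while the firmware checks only the service's signature over the bare file. Dropping the wrapper would leave the service with nothing to bind the upload to the submitter's credentials, which is the "sign any junk" failure khim describes.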

A motherly request

Posted Nov 21, 2012 12:36 UTC (Wed) by khim (subscriber, #9252)

> Wol's was given a very good example of how we do things differently from the Windows and ignored it entirely. Are we to blame CYGWIN because it ships the underlying packages via RPM.

Just a nit (since I fought with Cygwin's distribution system half a year ago and was kind of surprised by its baroqueness). Cygwin does not use RPM. It uses tar.bz2 files plus an external file with MD5 (yes, MD5 - in this day and age!) hashes for said files, and only that one file is signed.
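The distribution model khim describes for Cygwin (a list of hashes, one signature over that list, and the packages themselves bound only through their hash entries) is shown below as an added example, written by the editor in Go; it is not Cygwin's code or format. It swaps MD5 for SHA-256, since MD5 collisions are practical and a collision on an unsigned package would go unnoticed under this scheme; the manifest line format, the package names and contents, and the names `BuildManifest`, `SignManifest` and `VerifyRelease` are constructed for the example, and file names are assumed to contain no whitespace.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// BuildManifest emits one "<hex digest>  <name>" line per file, in sorted
// order, so the same set of files always produces the same bytes to sign.
// Constructed format; file names are assumed to contain no whitespace.
func BuildManifest(files map[string][]byte) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var sb strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&sb, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return sb.String()
}

// SignManifest produces the single signature in the whole release: only the
// manifest is signed, the packages are covered through their digests.
func SignManifest(key ed25519.PrivateKey, manifest string) []byte {
	return ed25519.Sign(key, []byte(manifest))
}

// VerifyRelease checks the manifest signature first, then requires every
// listed file to be present with the listed digest. A file that is present but
// not listed is rejected too: the signature says nothing about it.
func VerifyRelease(pub ed25519.PublicKey, manifest string, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, []byte(manifest), sig) {
		return errors.New("manifest signature invalid")
	}
	listed := make(map[string]bool)
	body := strings.TrimSpace(manifest)
	if body != "" {
		for _, line := range strings.Split(body, "\n") {
			fields := strings.Fields(line)
			if len(fields) != 2 {
				return fmt.Errorf("malformed manifest line %q", line)
			}
			want, name := fields[0], fields[1]
			data, ok := files[name]
			if !ok {
				return fmt.Errorf("%s: listed in manifest but missing", name)
			}
			sum := sha256.Sum256(data)
			if hex.EncodeToString(sum[:]) != want {
				return fmt.Errorf("%s: digest does not match signed manifest", name)
			}
			listed[name] = true
		}
	}
	for name := range files {
		if !listed[name] {
			return fmt.Errorf("%s: present but not covered by the signed manifest", name)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed package set; real releases would carry tarballs here.
	files := map[string][]byte{
		"bash-4.1.tar.bz2":      []byte("constructed package contents A"),
		"coreutils-8.4.tar.bz2": []byte("constructed package contents B"),
	}
	m := BuildManifest(files)
	sig := SignManifest(priv, m)
	fmt.Print(m)
	fmt.Println("clean release:", VerifyRelease(pub, m, sig, files))

	files["bash-4.1.tar.bz2"] = []byte("constructed package contents A, modified")
	fmt.Println("modified package:", VerifyRelease(pub, m, sig, files))
}
```

Under this scheme the strength of the whole release reduces to the signature algorithm plus the collision resistance of the digest, because a mirror can substitute any package that hashes to a listed value without touching the one signed file.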


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds