
A motherly request

Posted Nov 21, 2012 1:35 UTC (Wed) by davidescott (guest, #58580)
In reply to: A motherly request by corbet
Parent article: Bottomley: Adventures in Microsoft UEFI Signing

I have to say Wol's suggestion that it not be wrapped is, if not stupid, intentionally obtuse. It comes from the:
We hate Microsoft. Everything they do is evil. Unencumbered by the thought process.

Wol was given a very good example of how we do things differently from Windows and ignored it entirely. Are we to blame CYGWIN because it ships the underlying packages via RPM?

It's always going to be wrapped. Some wrappers are just more complex than others. Whether it be CAB or ASCII armored, it's wrapped. The only way it would not be wrapped is if it were a (void *) pointer of a specified length, which isn't a practical way of transmitting the data to different hosts.

Microsoft chose the wrapper that made sense for them. I don't see how we can criticize them on that basis.


A motherly request

Posted Nov 21, 2012 8:46 UTC (Wed) by jcm (subscriber, #18262)

Indeed. There was a time when I thought it was just hilarious to misquote biblical verse implying Gates was some satanic figure, or just to hate on Microsoft on principle. I was a lot younger, and far more naive then. Now, I realize they're just a corporation in a business community that we are also part of, and we disagree on how one should go about implementing, distributing, and marketing software, and so on. But we should just accept that for a moment and ask ourselves if - from their viewpoint - any of this process is odd. To me, wrapping things in a CAB and so on sounds a lot like me saying "oh, just wrap it in an RPM..." and then having someone who prefers ipkg files complaining I am doing something strange.

A motherly request

Posted Nov 21, 2012 9:38 UTC (Wed) by Wol (subscriber, #4433)

Well, actually, as I understood it we have a bootloader. A SINGLE file, which gets loaded and cryptographically checked. And if it's correct, it gets executed.

Seeing as we are asking for a single file to be signed, why can't we upload that file as itself, rather than an archive? It's all very well saying "MS should use an open packaging standard", but why - if it's just one file - does it need to be packaged at all?

If I'm sending stuff to my friends, it's usually single files, and I don't bother packing them.

Cheers,
Wol

A motherly request

Posted Nov 21, 2012 12:23 UTC (Wed) by khim (subscriber, #9252)

Seeing as we are asking for a single file to be signed, why can't we upload that file as itself, rather than an archive? It's all very well saying "MS should use an open packaging standard", but why - if it's just one file - does it need to be packaged at all?

Sure, if you want to create a service which just signs random sequences of bytes without any verification then this approach will work just fine - but this will kind of defeat the purpose: anyone will be able to sign any kind of junk in this case, thus you can just rip out the whole signature checking process: it'll be more honest, surely.

But of course Microsoft is not crazy: its process includes two parts (actually more, but it should include at least two). You've forgotten about a vital, yet extremely important part of the whole process: first we must make sure the file presented has actually come from a trusted source (from someone who has gotten the certificate and signed some papers) and then we need to sign it with Microsoft's key.

Well, actually, as I understood it we have a bootloader. A SINGLE file, which gets loaded and cryptographically checked. And if it's correct, it gets executed.

That's for the second part of the process. The first part (which checks the credentials) is generic - as it should be (you should not invent new cryptoprocedures unless you must). And for that part a signed CAB makes perfect sense: this is a format designed for just such a use, after all!

If I'm sending stuff to my friends, it's usually single files, and I don't bother packing them.

And how exactly do you prevent forgery in this case? You use PGP, S/MIME, or some other container format which adds the signature, don't you? Well, Microsoft prefers signed CAB for an obvious reason.
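The two-part process khim describes, as an added example for this thread (not code from LWN, from the commenters, or from Microsoft's signing service): a submission container carries the payload plus the submitter's own signature, the service checks that signature against an enrolled key before signing the payload with its key, and an unsigned or unknown submission is refused rather than signed. The keys, the submitter name "shim" and the image bytes are constructed here, and Ed25519 stands in for whatever the real service uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Submission stands in for the signed container (the CAB): payload + submitter signature.
type Submission struct{ Payload, Signature []byte }

// SigningService: enrolled submitters (the "signed some papers" step) and its own key.
type SigningService struct {
	Enrolled map[string]ed25519.PublicKey
	Priv     ed25519.PrivateKey
}

var ErrUnknownSubmitter = errors.New("submitter not enrolled")
var ErrBadSubmitterSig = errors.New("submitter signature does not verify")

// Sign is the two-part process: check credentials first, then sign the payload
// digest with the service key. Unsigned blobs are refused: no "sign any bytes" oracle.
func (s *SigningService) Sign(who string, sub Submission) ([]byte, error) {
	pub, ok := s.Enrolled[who]
	if !ok {
		return nil, ErrUnknownSubmitter
	}
	if !ed25519.Verify(pub, sub.Payload, sub.Signature) {
		return nil, ErrBadSubmitterSig
	}
	d := sha256.Sum256(sub.Payload)
	return ed25519.Sign(s.Priv, d[:]), nil
}

// VerifyFinal is the loader-side check against the service's public key.
func VerifyFinal(svcPub ed25519.PublicKey, payload, sig []byte) bool {
	d := sha256.Sum256(payload)
	return ed25519.Verify(svcPub, d[:], sig)
}

func main() { // constructed keys and image, so the file runs stand-alone
	subPub, subPriv, _ := ed25519.GenerateKey(rand.Reader)
	svcPub, svcPriv, _ := ed25519.GenerateKey(rand.Reader)
	svc := &SigningService{Enrolled: map[string]ed25519.PublicKey{"shim": subPub}, Priv: svcPriv}
	img := []byte("constructed bootloader image")
	sig, err := svc.Sign("shim", Submission{img, ed25519.Sign(subPriv, img)})
	fmt.Println(err, VerifyFinal(svcPub, img, sig))
}
```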

A motherly request

Posted Nov 21, 2012 12:36 UTC (Wed) by khim (subscriber, #9252)

Wol was given a very good example of how we do things differently from Windows and ignored it entirely. Are we to blame CYGWIN because it ships the underlying packages via RPM?

Just a nit (since I fought with Cygwin's distribution system half a year ago and was kind of surprised by its baroqueness). Cygwin does not use RPM. It uses tar.bz2 files plus an external file with MD5 (yes, MD5 - in this day and age!) hashes for said files, and only that one file is signed.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds