W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

RE: Secure Chrome

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 12 Jun 2006 07:20:57 -0700
Message-ID: <198A730C2044DE4A96749D13E167AD37B559D5@MOU1WNEXMB04.vcorp.ad.vrsn.com>
To: "Frederick Hirsch" <frederick.hirsch@nokia.com>
Cc: "George Staikos" <staikos@kde.org>, <public-usable-authentication@w3.org>


> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com] 

> What is to prevent an attack on secure chrome by simply 
> replacing the entire browser implementation, so that the 
> secure chrome isn't effective since the underlying code is 
> modified? Is the intent to remove insecure functionality so 
> that this attack would not work undetected?

Preventing that attack is the job of the operating system. If the O/S is compromised there can be no security.

Eventually no program will run unless signed by an approved party. In the enterprise the approved party will be the enterprise, in the home the machine owner. 

Even signed code will not normally run with privilleges that allow modification of the O/S or installation of drivers.


That is a different problem that the O/S providers will have to figure out. That's not our job.
Received on Monday, 12 June 2006 14:21:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC