<< Previous <<         [Session1 Index]            >> Next >>

While we are on the topic of user security needs, Microsoft 's "solution" using Authenticode requires comment.

Authenticode assumes that the software developers of the world can be lumped into 2 categories: those whom you trust with your life, and those whom you wouldn't trust for a single minute behind your back. This is analogous to giving the janitor a master key that not only opens the rooms where he has to empty the trash, but also opens the steel vault in which you keep your gold. Do you trust your janitor? Yes. Do you want to give him the key to your vault? Of course not.

In the world of Authenticode, only master keys exist. This means, if the user has to work with someone, he has to give the fellow the key to the gold vault. Needless to say, if the user goes ahead and gives someone this master key, and then finds his gold missing, the user himself gets the blame for handing over the key. In the parlance of utter candor, we refer to this as blaming the victim. The user is the victim because he didn't have a security system with even the limited flexibility of standard building keys.

One consequence is that most people and most companies will be blocked out of the user's circle of trust: far better not to have a janitor than to risk losing all your gold. Only the biggest software companies, who would be blasted into history by the media if they did something covert, will be trusted with such powerful master keys. The small companies where innovation takes place will find yet another barrier to bringing better products to fulfill the user's needs.