Subject Re: [IB-Architect] Fw: Mischievous SYSDBA
Author Doug Chamberlin
At 5/26/00 06:37 PM (Friday), Jan Mikkelsen wrote:
>Charlie Caro <ccaro@...> wrote:
> >Keeping these digital certificates in a database or file at the end user's
> >ite would defeat the whole purpose of the exercise. It needs to be
> embedded in
> >he binary executables. Ownership and usage of databases is still under SQL
> >ontrol. Ownership and usage of software executables controlled by digital
> >ertificates.
>Unless I've missed something fundamental, the executables are just files at
>the end user's site, and the whole point of the exercise has been defeated.

Isn't the missing fundamental item that the digital certificates are
validated by a third party at runtime? If you alter them or replace them
with other certificates the third party certificate authority will not
validate them.