PGP, Snow Leopard, and Technological Illiteracy
R.A. Hettinga wrote:
It dawns on me that Apple PGP-signs all its security announcements, etc.
Are *they* using Snow Leopard? As a software developer (in no way affiliated with PGP --not even a customer), this thread has fascinated me, particularly given the long discussion about "technological literacy". Let me clarify some things.
1) PGP signatures still work fine. The core encryption mechanism in PGP is actually open source and not closely coupled with any operating system as it uses little more than the standard C runtime. I'd be willing to bet big money it doesn't even require a recompile to work with Snow Leopard. This is all that is needed to create PGP signatures or verify them, or to encrypt or decrypt data. 2) That has almost nothing to do with PGP's commercial products. What PGP sells isn't the encryption algorithm, but rather an integration of said encryption in to your computer's operation. This necessarily involves a LOT of hooks in to the operating system. 3) In order to do what PGP does, you become sensitive to changes in both the kernel and user space. While Snow Leopard may seem like a trivial update to the operating system to end users, it was involved some pretty significant changes to parts of the underlying platform (which is why it didn't take Apple just a couple of months to do it). To get an idea of the changes, if you are in Apple's Developer program (free for base membership), you can look at this link: http://developer.apple.com/mac/library/releasenotes/MacOSX/WhatsNewInOSX/Art... /apple_ref/doc/uid/TP40008898-SW1 This is a 7000+ word document providing an *overview* of the changes. It contains links to 15 pdf documents that describe specific changes to different parts of the application level API, including two just for security. It also includes a link to a document providing a summary of the kernel level changes, which itself has links to at least a dozen different articles describing different changes and design challenges involved with the new kernel design. I can tell you that even all this documentation misses some of the more subtle changes. These are NOT trivial changes. The changes involved unsurprisingly effect different kinds of programs differently. I'm sure a whole host of applications were barely impacted by the changes. However, what PGP does is particularly likely to be impacted, because it is very closely coupled with the kernel, needs to integrate kernel changes throughout user space, and most importantly of all: it is a security product. 4) PGP is far from the only vendor effected this way. Particularly in the security space, I've seen a ton of problems. Even the giant Cisco is having problems getting all their security products to work with Snow Leopard. 5) Snow Leopard is particularly problematic because of its unique mix of 64-bit and 32-bit options. Most platforms allow for 32-bit kernel + 32-bit drivers + 32-bit applications. If they have a 64-bit kernel, then it requires 64-bit drivers and 64-bit applications, often with support for 32-bit applications as well. Snow Leopard, because of concerns about getting everyone to update in time for the release, supports almost every permutation you could manage of the above. This was done using all kinds of memory management tricks. Ironically, all of this work makes compatibility far more difficult for products like PGP that tightly integrate with the OS's memory management and have to deal with application space/kernel space interactions, because they need to cover all the possible permutations and combinations of the above, and they need to have work arounds for the various "tricks" employed to make this work (some of which may break fundamental assumptions in how the product works). 6) Commercial security software is a real pain. You have to handle all the little corner cases that nobody ever thinks about. It is VERY common for new features in an operating system or even new features in applications to be released without full consideration of the security consequences of this, and commercial security software has to not only fix these problems, but identify them before they every ship their product. The problems are often quite subtle, and it isn't unusual for security researchers to discover them only years after they first occurred. If you fail on those, the solution isn't as simple as "download this update", because at that point security has been breached, and the cat is out of the bag, or worse still with an encryption product: you can have irrecoverable data loss. Different firms react to this differently, but PGP and a few other firms involved with encryption in particular consider this kind of a problem a failure of the product. So, it isn't sufficient just to look at changes in the operating system, you also have to look at changes application and driver developers are making in reaction to changes in the platform. This makes it terribly difficult to have a ready product on the day a new operating system is released. Now, despite all of the above, it is entirely possible to have a commercial security product ready for a new operating system release. It requires a devotion of significant resources and careful management, but given that people are paying you money (although PGP doesn't get nearly as much as a lot of other vendors) to make it happen, it is achievable. It is, however, difficult to predict how many resources and how much time you'll need to be ready, and so it is actually quite likely you can miss your deadline. Some commercial vendors choose to cut a lot of corners to avoid this happening. I see it all the time and it gets really ugly. The stuff I've seen specifically with security products are absolutely horrific, and they rely on users not really knowing what the software is doing (because if they did, they'd never run it). The irony here is that the technological illiteracy of the market place means that it rewards bad behavior and punishes good behavior. This is the kind of dysfunction caused by technological illiteracy that we ought to be concerned about. Honestly, if you care at all about security and rely on commercial security software, I wouldn't recommend switching to Leopard right off the dot no matter what your commercial vendors tell you, because it is highly improbable that a given product really is "ready", and it is virtually impossible to determine which ones are. I for one applaud PGP for making the tough call and holding off on a release until they felt 100% confident about their product. They did this knowing full well that the "technological illiteracy" of their user base means that the move will be interpreted negatively and seen ironically as a sign of them not being sensitive to their user's needs. --Chris -- If you want to unsubscribe or change your address, use this link: http://emperor.tidbits.com/webx?unsub@@.3c3f6899!u=30544749
participants (1)
-
Christopher Smith