PGP, Snow Leopard, and Technological Illiteracy

Christopher Smith x at xman.org
Fri Sep 4 01:27:58 PDT 2009


R.A. Hettinga wrote:
> It dawns on me that Apple PGP-signs all its security announcements,  
> etc.
>
> Are *they* using Snow Leopard?
As a software developer (in no way affiliated with PGP --not even a
customer), this thread has fascinated me, particularly given the long
discussion about "technological literacy". Let me clarify some things.

1) PGP signatures still work fine. The core encryption mechanism in PGP
is actually open source and not closely coupled with any operating
system as it uses little more than the standard C runtime. I'd be
willing to bet big money it doesn't even require a recompile to work
with Snow Leopard. This is all that is needed to create PGP signatures
or verify them, or to encrypt or decrypt data.

2) That has almost nothing to do with PGP's commercial products. What
PGP sells isn't the encryption algorithm, but rather an integration of
said encryption in to your computer's operation. This necessarily
involves a LOT of hooks in to the operating system.

3) In order to do what PGP does, you become sensitive to changes in both
the kernel and user space. While Snow Leopard may seem like a trivial
update to the operating system to end users, it was involved some pretty
significant changes to parts of the underlying platform (which is why it
didn't take Apple just a couple of months to do it). To get an idea of
the changes, if you are in Apple's Developer program (free for base
membership), you can look at this link:

http://developer.apple.com/mac/library/releasenotes/MacOSX/WhatsNewInOSX/Articles/MacOSX10_6.html#/ 
/apple_ref/doc/uid/TP40008898-SW1

This is a 7000+ word document providing an *overview* of the changes. It
contains links to 15 pdf documents that describe specific changes to
different parts of the application level API, including two just for
security. It also includes a link to a document providing a summary of
the kernel level changes, which itself has links to at least a dozen
different articles describing different changes and design challenges
involved with the new kernel design. I can tell you that even all this
documentation misses some of the more subtle changes. These are NOT
trivial changes.

The changes involved unsurprisingly effect different kinds of programs
differently. I'm sure a whole host of applications were barely impacted
by the changes. However, what PGP does is particularly likely to be
impacted, because it is very closely coupled with the kernel, needs to
integrate kernel changes throughout user space, and most importantly of
all: it is a security product.

4) PGP is far from the only vendor effected this way. Particularly in
the security space, I've seen a ton of problems. Even the giant Cisco is
having problems getting all their security products to work with Snow
Leopard.

5) Snow Leopard is particularly problematic because of its unique mix of
64-bit and 32-bit options. Most platforms allow for 32-bit kernel +
32-bit drivers + 32-bit applications. If they have a 64-bit kernel, then
it requires 64-bit drivers and 64-bit applications, often with support
for 32-bit applications as well. Snow Leopard, because of concerns about
getting everyone to update in time for the release, supports almost
every permutation you could manage of the above. This was done using all
kinds of memory management tricks. Ironically, all of this work makes
compatibility far more difficult for products like PGP that tightly
integrate with the OS's memory management and have to deal with
application space/kernel space interactions, because they need to cover
all the possible permutations and combinations of the above, and they
need to have work arounds for the various "tricks" employed to make this
work (some of which may break fundamental assumptions in how the product
works).

6) Commercial security software is a real pain. You have to handle all
the little corner cases that nobody ever thinks about. It is VERY common
for new features in an operating system or even new features in
applications to be released without full consideration of the security
consequences of this, and commercial security software has to not only
fix these problems, but identify them before they every ship their
product. The problems are often quite subtle, and it isn't unusual for
security researchers to discover them only years after they first
occurred. If you fail on those, the solution isn't as simple as
"download this update", because at that point security has been
breached, and the cat is out of the bag, or worse still with an
encryption product: you can have irrecoverable data loss. Different
firms react to this differently, but PGP and a few other firms involved
with encryption in particular consider this kind of a problem a failure
of the product. So, it isn't sufficient just to look at changes in the
operating system, you also have to look at changes application and
driver developers are making in reaction to changes in the platform.
This makes it terribly difficult to have a ready product on the day a
new operating system is released.

Now, despite all of the above, it is entirely possible to have a
commercial security product ready for a new operating system release. It
requires a devotion of significant resources and careful management, but
given that people are paying you money (although PGP doesn't get nearly
as much as a lot of other vendors) to make it happen, it is achievable.
It is, however, difficult to predict how many resources and how much
time you'll need to be ready, and so it is actually quite likely you can
miss your deadline. Some commercial vendors choose to cut a lot of
corners to avoid this happening. I see it all the time and it gets
really ugly. The stuff I've seen specifically with security products are
absolutely horrific, and they rely on users not really knowing what the
software is doing (because if they did, they'd never run it). The irony
here is that the technological illiteracy of the market place means that
it rewards bad behavior and punishes good behavior. This is the kind of
dysfunction caused by technological illiteracy that we ought to be
concerned about.

Honestly, if you care at all about security and rely on commercial
security software, I wouldn't recommend switching to Leopard right off
the dot no matter what your commercial vendors tell you,  because it is
highly improbable that a given product really is "ready", and it is
virtually impossible to determine which ones are. I for one applaud PGP
for making the tough call and holding off on a release until they felt
100% confident about their product. They did this knowing full well that
the "technological illiteracy" of their user base means that the move
will be interpreted negatively and seen ironically as a sign of them not
being sensitive to their user's needs.

--Chris


--
If you want to unsubscribe or change your address, use this link:
http://emperor.tidbits.com/webx?unsub@@.3c3f6899!u=30544749





More information about the cypherpunks-legacy mailing list