On Wed, 6 Jun 2012, Julian H. Stacey wrote:
I do wonder about that. What incentive does the possesor of a signing key
have to keep it secret?
Contract penalty clause maybe ? Lawyers ?
A limited-liability company with no assets is judgement-proof.
Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.
Could it really be that simple? As for hardware vendors putting revoked
keys in the ROM - are they really THAT cooperative? Seems like they would
drag their feet on ROM updates if they had to add a lot of stuff that
won't help them, so that doesn't seem like a great enforcement tool.
dan feenberg
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
