On Wed, 6 Jun 2012, Damien Fleuriot wrote:
On 6/6/12 6:45 PM, Daniel Feenberg wrote:
On Wed, 6 Jun 2012, Julian H. Stacey wrote:
I do wonder about that. What incentive does the possesor of a signing
key
have to keep it secret?
Contract penalty clause maybe ? Lawyers ?
A limited-liability company with no assets is judgement-proof.
Otherwise one of us would purchase a key for $99, & then publish
the key so we could all forever more compile & boot our own kernels.
But that would presumably break the trap Microsoft & Verisign seek
to impose.
Could it really be that simple? As for hardware vendors putting revoked
keys in the ROM - are they really THAT cooperative? Seems like they
would drag their feet on ROM updates if they had to add a lot of stuff
that won't help them, so that doesn't seem like a great enforcement tool.
dan feenberg
Oh god...
Please realize that once the key is divulged, it gets revoked at the
BIOS' next update.
But my point is that MS doesn't issue the updates, they have to ask the
BIOS vendors to do so, and then the MB vendors have to take the update,
and then the users have to install the update. The incentive at each level
is generally very small. It does create some confusion, but is hardly an
enforcement mechanism. It would disable older versions of FreeBSD on newer
hardware, but not much else.
A previous poster has pointed out that MS can't revoke a certificate
belonging to RH, but I suppose the could ask the BIOS vendors to treat it
as revoked. I don't know what the response would be.
Daniel Feenberg
Otherwise the key's purpose is rendered moot.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
