From: Damien Fleuriot
Date: Wed, 06 Jun 2012 20:40:26 +0200
To: freebsd-questions@freebsd.org
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?

On 6/6/12 6:45 PM, Daniel Feenberg wrote:
>
>
> On Wed, 6 Jun 2012, Julian H. Stacey wrote:
>
>>> I do wonder about that. What incentive does the possessor of a signing
>>> key have to keep it secret?
>>
>> Contract penalty clause maybe ? Lawyers ?
>
> A limited-liability company with no assets is judgement-proof.
>
>>
>> Otherwise one of us would purchase a key for $99, & then publish
>> the key so we could all forever more compile & boot our own kernels.
>> But that would presumably break the trap Microsoft & Verisign seek
>> to impose.
>>
>
> Could it really be that simple? As for hardware vendors putting revoked
> keys in the ROM - are they really THAT cooperative? Seems like they
> would drag their feet on ROM updates if they had to add a lot of stuff
> that won't help them, so that doesn't seem like a great enforcement tool.
>
> dan feenberg

Oh god...

Please realize that once the key is divulged, it gets revoked at the BIOS'
next update.

Otherwise the key's purpose is rendered moot.