From owner-freebsd-questions@FreeBSD.ORG Wed Jun 6 16:52:25 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1A18C1065674; Wed, 6 Jun 2012 16:52:25 +0000 (UTC) (envelope-from feenberg@nber.org) Received: from mail2.nber.org (mail2.nber.org [66.251.72.79]) by mx1.freebsd.org (Postfix) with ESMTP id 66EDA8FC15; Wed, 6 Jun 2012 16:52:24 +0000 (UTC) Received: from nber6 (nber6.nber.org [66.251.72.76]) by mail2.nber.org (8.14.4/8.14.4) with ESMTP id q56GqGR0019627; Wed, 6 Jun 2012 12:52:17 -0400 (EDT) (envelope-from feenberg@nber.org) Date: Wed, 6 Jun 2012 12:45:48 -0400 (EDT) From: Daniel Feenberg X-X-Sender: feenberg@nber6 To: "Julian H. Stacey" In-Reply-To: <201206061630.q56GUJj7093472@fire.js.berklix.net> Message-ID: References: <201206061630.q56GUJj7093472@fire.js.berklix.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE, bases: 20120606 #8143329, check: 20120606 clean Cc: Jerry , Matthew Seaman , FreeBSD Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jun 2012 16:52:25 -0000 On Wed, 6 Jun 2012, Julian H. Stacey wrote: >> I do wonder about that. What incentive does the possesor of a signing key >> have to keep it secret? > > Contract penalty clause maybe ? Lawyers ? A limited-liability company with no assets is judgement-proof. > > Otherwise one of us would purchase a key for $99, & then publish > the key so we could all forever more compile & boot our own kernels. > But that would presumably break the trap Microsoft & Verisign seek > to impose. > Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg