From owner-freebsd-questions@FreeBSD.ORG  Wed Jun  6 16:52:25 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1A18C1065674;
	Wed,  6 Jun 2012 16:52:25 +0000 (UTC)
	(envelope-from feenberg@nber.org)
Received: from mail2.nber.org (mail2.nber.org [66.251.72.79])
	by mx1.freebsd.org (Postfix) with ESMTP id 66EDA8FC15;
	Wed,  6 Jun 2012 16:52:24 +0000 (UTC)
Received: from nber6 (nber6.nber.org [66.251.72.76])
	by mail2.nber.org (8.14.4/8.14.4) with ESMTP id q56GqGR0019627;
	Wed, 6 Jun 2012 12:52:17 -0400 (EDT)
	(envelope-from feenberg@nber.org)
Date: Wed, 6 Jun 2012 12:45:48 -0400 (EDT)
From: Daniel Feenberg <feenberg@nber.org>
X-X-Sender: feenberg@nber6
To: "Julian H. Stacey" <jhs@berklix.com>
In-Reply-To: <201206061630.q56GUJj7093472@fire.js.berklix.net>
Message-ID: <Pine.GSO.4.64.1206061241470.15673@nber6>
References: <201206061630.q56GUJj7093472@fire.js.berklix.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE,
	bases: 20120606 #8143329, check: 20120606 clean
Cc: Jerry <jerry@seibercom.net>, Matthew Seaman <matthew@freebsd.org>,
	FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware
 of? 
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 16:52:25 -0000



On Wed, 6 Jun 2012, Julian H. Stacey wrote:

>> I do wonder about that. What incentive does the possesor of a signing key
>> have to keep it secret?
>
> Contract penalty clause maybe ? Lawyers ?

A limited-liability company with no assets is judgement-proof.

>
> Otherwise one of us would purchase a key for $99, & then publish
> the key so we could all forever more compile & boot our own kernels.
> But that would presumably break the trap Microsoft & Verisign seek
> to impose.
>

Could it really be that simple? As for hardware vendors putting revoked 
keys in the ROM - are they really THAT cooperative? Seems like they would 
drag their feet on ROM updates if they had to add a lot of stuff that 
won't help them, so that doesn't seem like a great enforcement tool.

dan feenberg