Date:      Wed, 6 Jun 2012 12:23:46 -0500 (CDT)
From:      Robert Bonomi <bonomi@mail.r-bonomi.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Message-ID:  <201206061723.q56HNkaF032427@mail.r-bonomi.com>
In-Reply-To: <201206061630.q56GUJj7093472@fire.js.berklix.net>

"Julian H. Stacey" <jhs@berklix.com> wrote:
>
> > I do wonder about that. What incentive does the possessor of a signing key 
> > have to keep it secret? 
>
> Contract penalty clause maybe ? Lawyers ?

Contract with _whom_?  The party you pay money to -- Verisign -- simply
certifies that the party buying the certificate/signing-key  -is- who they 
claim to be.

It is *entirely* up to the owner of that certificate/signing-key -who- they
allow to use it.

If someone/anyone attempts to 'revoke' that certificate/key _other_ than
at the request of the owner of that certificate/key, *THAT* party is subject
to legal sanctions.  Among other things, 'false persona', 'tortious
interference in a business relationship', just to name a few.

There is, however, an 'interesting' legal question -- *if* a party were to
let 'anybody' use their certificate/key, what is the certificate/key owner's
legal liability if someone uses that key to sign malware?





