From owner-freebsd-questions@FreeBSD.ORG Wed Jun 6 18:45:02 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 25C6F1065675 for ; Wed, 6 Jun 2012 18:45:02 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id A3B868FC15 for ; Wed, 6 Jun 2012 18:45:01 +0000 (UTC) Received: by eaac13 with SMTP id c13so1963915eaa.13 for ; Wed, 06 Jun 2012 11:45:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding :x-gm-message-state; bh=P1ToxmWVQ2PuI3zBhX6oTQT8JBBfCNBwsuITnmUoOZI=; b=B7jY+zX/PSJSQ3VRKss3XxpbFik/T6a/aYXKmgpcFPDc9+9ExyDCrKrkHfB9xbciB7 /ymDipF4chogNY8BYS314Up2xw4P/qrlOCKc1fCeOvXXVfXAQs5aPhUjLag2JsjUOP/I ZQGr11l7HPw4GOXdQsbZRHWZnZD0opIEQuDOG5N7RgHtaSkqje7+kqMHbHeSjb6u6oPB SfK0MzYHpxVc3zi973yoJxaGEjz5/5ztO5mW0ktgkrrL6AZlhJ36XyN5PDNEx/XK80xg +Syh4fyj2ZBB3FQO8jplIDN7PtLU9C8v61dteX8heWq+nglBXj8G0AB3nWD1al9IARaG GQtA== Received: by 10.14.188.139 with SMTP id a11mr9936953een.139.1339008300311; Wed, 06 Jun 2012 11:45:00 -0700 (PDT) Received: from dfleuriot-at-hi-media.com ([83.167.62.196]) by mx.google.com with ESMTPS id t3sm2242641eeb.15.2012.06.06.11.44.59 (version=SSLv3 cipher=OTHER); Wed, 06 Jun 2012 11:44:59 -0700 (PDT) Message-ID: <4FCFA529.1020703@my.gd> Date: Wed, 06 Jun 2012 20:44:57 +0200 From: Damien Fleuriot User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <201206061723.q56HNkaF032427@mail.r-bonomi.com> In-Reply-To: <201206061723.q56HNkaF032427@mail.r-bonomi.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gm-Message-State: ALoCoQlZdizrO7s6zPgyQILzvPVue/uolmbNy1ptGaOrZqxelKGc2ZOA07E2JEN8BAX7XyO/yNAJ Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jun 2012 18:45:02 -0000 On 6/6/12 7:23 PM, Robert Bonomi wrote: > "Julian H. Stacey" wrote: >> >>> I do wonder about that. What incentive does the possesor of a signing key >>> have to keep it secret? >> >> Contract penalty clause maybe ? Lawyers ? > > Contract with _whom_? The party you pay money to -- Verisign -- simply > certifies that the party buying the certificate/signing-key -is- who they > claim to be. > > It is *entirely* up to the owner of that certificate/signing-key -who- they > allow to use it. > > If someone/anyone attempts to 'revoke' that certificate/key _other_ than > at the request of the owner of that certificate/key, *THAT* party is subject > to legal sanctions. Among other things, 'false persona', 'tortuous inter- > ference in a business relationship', just to name a few. > > There is, however, an 'interesting' legal question -- *if* a party were to > let 'anybody' use their certificate/key, what is the certificat/key owner's > legal liability if someone uses that key to sign malware? > > Standard contract writeup stipulates that only a limited set of 'authorized' company representatives be given access to the Signing Key. If the key should be divulged, then the key may be revoked by the issuer.