From owner-freebsd-questions@FreeBSD.ORG Wed Jun 6 20:42:29 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id ACCF9106564A for ; Wed, 6 Jun 2012 20:42:29 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from oproxy6-pub.bluehost.com (oproxy6.bluehost.com [IPv6:2605:dc00:100:2::a6]) by mx1.freebsd.org (Postfix) with SMTP id 34FE78FC08 for ; Wed, 6 Jun 2012 20:42:29 +0000 (UTC) Received: (qmail 31733 invoked by uid 0); 6 Jun 2012 20:42:28 -0000 Received: from unknown (HELO box543.bluehost.com) (74.220.219.143) by cpoproxy3.bluehost.com with SMTP; 6 Jun 2012 20:42:28 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=apotheon.com; s=default; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=IgmaRRVRKd5TpZpAyB/ScBaaO9qCrr7dOUskcH1kaf0=; b=DPkFS87HNdW7XgG40UIUYigBkPozxWM5Pk5RYW6/buIGP5Os2VRdO2WiqBG8wvMhYwrhVS5R7xmiStxL0iShLvVwBOgh3lFp9AGylpP2fU52ZOQZCloodEDesQggGjHw; Received: from [24.8.180.234] (port=63540 helo=localhost) by box543.bluehost.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.76) (envelope-from ) id 1ScN3k-0002p1-1V for freebsd-questions@freebsd.org; Wed, 06 Jun 2012 14:42:28 -0600 Date: Wed, 6 Jun 2012 14:42:27 -0600 From: Chad Perrin To: freebsd-questions@freebsd.org Message-ID: <20120606204227.GA1495@hemlock.hydra> Mail-Followup-To: freebsd-questions@freebsd.org References: <20120605203717.5663bdf7.freebsd@edvax.de> <20120605181055.4af65fdb@scorpio> <4FCF0772.8000609@FreeBSD.org> <4FCF4BB8.8040703@my.gd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4FCF4BB8.8040703@my.gd> User-Agent: Mutt/1.5.21 (2010-09-15) X-Identified-User: {2737:box543.bluehost.com:apotheon:apotheon.com} {sentby:smtp auth 24.8.180.234 authed with perrin@apotheon.com} Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jun 2012 20:42:29 -0000 On Wed, Jun 06, 2012 at 02:23:20PM +0200, Damien Fleuriot wrote: > > I agree with the whole post except that last bit about ICANN Matthew. > > The US already has enough dominance as is, without involving ICANN, a > supposedly neutral body (yeah right...) any further. Indeed. The last thing we need is some self-appointed "authority" purporting to have the last word on what qualifies as "secure". There is no need for a third-party certification of secure booting. If there is need for such a secure booting mechanism at all, it is a need for the ability of end-of-chain device owners to be able to set their own keys, without the involvement of any third parties, and an out-of-band key verification mechanism. Once again, I feel it incumbent upon me to point to examples like OpenPGP's keyserver network as the counter-proposal to a cetifying "authority" charging money to allow people to control their own system security in what amounts to a vacant lot scam. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]