Date: Thu, 07 Jun 2012 00:09:54 +0100
From: Bruce Cran
To: Robert Bonomi
Cc: freebsd-questions@freebsd.org
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?

On 06/06/2012 20:27, Robert Bonomi wrote:
> Suppose I put up a web app that takes an executable as input, signs it
> with my key, and returns the signed file to the submitter. I don't
> divulge the key to anyone, just use it on 'anything'. Anybody
> attempting to revoke on _that_ basis is asking for a lawsuit.

To me it would be perfectly reasonable to revoke the key as soon as you signed the first piece of malware. And then anyone who has used the service is left with broken binaries, so the model fails.

-- 
Bruce Cran