Date:      Thu, 07 Jun 2012 00:09:54 +0100
From:      Bruce Cran <bruce@cran.org.uk>
To:        Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Message-ID:  <4FCFE342.2050809@cran.org.uk>
In-Reply-To: <201206061927.q56JRPLp033735@mail.r-bonomi.com>
References:  <201206061927.q56JRPLp033735@mail.r-bonomi.com>

On 06/06/2012 20:27, Robert Bonomi wrote:
> Suppose I put up a web app that takes an executable as input, signs it 
> with my key, and returns the signed file to the submitter. I don't 
> divulge the key to anyone, just use it on 'anything'. Anybody 
> attempting to revoke on _that_ basis is asking for a lawsuit.

To me it would be perfectly reasonable to revoke the key as soon as you 
signed the first piece of malware. And then anyone who has used the 
service is left with broken binaries, so the model fails.

-- 
Bruce Cran


