Date: Thu, 7 Jun 2012 09:40:27 +0200
From: Damien Fleuriot <ml@my.gd>
To: Robert Bonomi <bonomi@mail.r-bonomi.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?
Message-ID: <7957D8B9-6317-43DB-9D9D-A12BE7AF494C@my.gd>
In-Reply-To: <201206062354.q56NsMAA037016@mail.r-bonomi.com>
References: <201206062354.q56NsMAA037016@mail.r-bonomi.com>

On 7 Jun 2012, at 01:54, Robert Bonomi <bonomi@mail.r-bonomi.com> wrote:

>> From owner-freebsd-questions@freebsd.org Wed Jun 6 18:13:09 2012
>> Date: Thu, 07 Jun 2012 00:09:54 +0100
>> From: Bruce Cran <bruce@cran.org.uk>
>> To: Robert Bonomi <bonomi@mail.r-bonomi.com>
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware
>> of?
>>
>> On 06/06/2012 20:27, Robert Bonomi wrote:
>>> Suppose I put up a web app that takes an executable as input, signs it
>>> with my key, and returns the signed file to the submitter. I don't
>>> divulge the key to anyone, just use it on 'anything'. Anybody
>>> attempting to revoke on _that_ basis is asking for a lawsuit.
>>
>> To me it would be perfectly reasonable to revoke the key as soon as you
>> signed the first piece of malware.
>
> It may seem reasonable to you, but is there -legal- basis to do so?
>
> 'signing' only provides assurance of the identity of the signer. I did
> sign it. The key has not been compromised. The software in question
> is traceable to the signer, but the signer never claimed it was 'error free',
> what contract or statute did they breach by doing the signing?
>

Signing anything and everything defeats the purpose the key and this whole charade are implemented for.

Under the contract's undoubtedly carefully penned clauses, this would allow for a key revocation.

Make no mistake, they'll go over that contract for several weeks, giving themselves as much manoeuvring room as possible.