Dailydave mailing list archives
Re: Your trusted computing base is not what you think it is! :>
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 18 Jul 2010 20:45:38 +0200
> The good thing about their signing key is that it's static (does not change too often) and can be revoked,
Only if the key is virtually unused. If it is not, revocation is close to impossible because of the impact on legitimate signatures. There are some attempts to address this (like timestamping signatures from a trusted third party), but that doesn't help if your key material is compromised and you continue to use it to create new signatures. You could require that signatures are stored on tamper-proof devices which cannot leak the key material, but once you've got such a platform, there are numerous incentives to open it up, so you tend to lose security over time (if the platform is secure in the first place, which is doubtful).
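Added example, not part of the original message: a minimal sketch of the timestamp-aware revocation check the reply refers to, showing which signatures survive a revocation and which do not. HMAC stands in for real public-key signatures, and the keys, timeline and names (`Signed`, `sign`, `timestamp`, `verify`, `demo`) are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed keys; HMAC stands in for real public-key signatures (assumption)
# so the example runs offline with the standard library only.
SIGNER_KEY = b"constructed-signer-key"
TSA_KEY = b"constructed-timestamp-authority-key"

@dataclass
class Signed:
    payload: bytes
    sig: bytes
    ts: Optional[int] = None          # time asserted by the timestamp authority
    ts_token: Optional[bytes] = None  # authority's tag over (sig, ts)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def sign(payload: bytes) -> Signed:
    return Signed(payload, _mac(SIGNER_KEY, payload))

def timestamp(s: Signed, now: int) -> Signed:
    """Third-party countersignature binding an existing signature to a time."""
    return Signed(s.payload, s.sig, now, _mac(TSA_KEY, s.sig + now.to_bytes(8, "big")))

def verify(s: Signed, revoked_from: Optional[int]) -> str:
    if not hmac.compare_digest(_mac(SIGNER_KEY, s.payload), s.sig):
        return "bad-signature"
    if revoked_from is None:
        return "valid"
    if s.ts is None or s.ts_token is None:
        return "rejected-no-timestamp"  # cannot prove it predates revocation
    if not hmac.compare_digest(_mac(TSA_KEY, s.sig + s.ts.to_bytes(8, "big")), s.ts_token):
        return "bad-timestamp"
    return "valid" if s.ts < revoked_from else "rejected-after-revocation"

def demo() -> dict:
    # Constructed timeline: key leaks at t=140, revocation takes effect at t=200.
    cases = {
        "old_release": timestamp(sign(b"release-1.0"), now=100),
        "never_timestamped": sign(b"release-0.9"),
        "made_after_leak": timestamp(sign(b"unauthorized build"), now=150),
        "made_after_revocation": timestamp(sign(b"late build"), now=250),
    }
    return {name: verify(s, revoked_from=200) for name, s in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The legitimate but never-timestamped signature is rejected, while the one made with the leaked key before revocation took effect is still accepted, because the timestamp only proves when a signature existed, not who held the key.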