> On 8/26/2014 1:01 PM, [email protected] wrote: >> There is no such thing as a security system that has "one" entity, well, >> perhaps a stone or a brick. There is *always* at least one mechanism >> that >> protects and one mechanism that provides access. > > An example is a code signing key. In a shared system, many agents > possess copies of this key. Each agent is an entity. Each of these > entities is a single point of compromise.
This is basically a strawman argument because while it could be done this way, no one in their right minds would do it this way. That does not typify what a shared system would look like. > > In a distributed system, the code signing key is split and distributed > among several agents. Again, each agent is an entity. Since no one > entity has the entire key the compromise of one entity cannot compromise > the whole key and thus the whole system. But, the code signing is exactly the point. There is a "key" that signs the code and there is another key (cert or whatever) that verifies the code signing key. If multiple entities can sign the code with their own key, then clients must have copies of each cert to verify the signing key. Unless there is a 1:1 relationship between the signers and the signees (which would be pointless) any one of the clients must maintain all the key certs, in which case, any one system would compromise the whole. > > Does the explanation make sense? No, not really. > > -- > Rich P. > _______________________________________________ > Discuss mailing list > [email protected] > http://lists.blu.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
