On 8/26/2014 1:37 PM, [email protected] wrote: > This is basically a strawman argument because while it could be done this > way, no one in their right minds would do it this way. That does not > typify what a shared system would look like.
I didn't say it was smart. In fact, I've been saying that it's bad and stupid. > But, the code signing is exactly the point. There is a "key" that signs > the code and there is another key (cert or whatever) that verifies the > code signing key. But what verifies /that/ key, hmmm? > If multiple entities can sign the code with their own key, then clients > must have copies of each cert to verify the signing key. Unless there is a Say that you want to have three signing entities (agents, operators, whatever you want to call them) and require at least two of them in agreement to sign something. You take the secret key, split it into three pieces. Give each entity copies of two of the three pieces such that any two have the complete secret key between them. More properly, the signing entities have copies of pieces of the key used to decrypt the signing key which, optimally, is held by the organization's security officer who has no access to the decryption key. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
