-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lourens Veen wrote: > On Monday 05 June 2006 14:43, Hamish Marson wrote: >> Zan Lynx wrote: >> >> Hmm.. I wouldn't say impossible... If the signing is avilable on >> the same machine, then it just needs a backdoor (e.g. a handy >> security hole) access to the process that does the signing to >> enable the malicious code to be signed & away they go... > > You boot the machine from a known-clean boot-cd with the key on it, > sign all the software, and reboot. Probably not a good solution for > personal computers, but I can see it happening in a company. On a > PC, keep the key on a read-only USB stick.
Ah... Impractical... Completely... Heck, I wouldn't do that for my phone (Umm... Vodafone used to ship s700i's like that IIRC), I'd reflash with an OS that didn't have the limitation. Much less run an OS & have to reboot everytime I wanted to run a new program... Not that I'm disparaging you, just pointing out that if it's a choice, people will disable that at purchase & run without it. > >>> Or say you have confidential legal documents. With DRM they >>> can be restricted to display by authorized document viewing >>> software, only on authorized computer hardware, or on hardware >>> with an authorized personal key loaded. >> Hmm... Sounds like a rewording of the RIAA et al's excuses for >> DRM to me... > > How about this one then. You want to order a video card from the > Traversal Technology web shop. For that, the shop needs your > address, so they can send you the package, and your credit card > number, so they can charge you. Of course, you don't want them to > pass on that information to anyone else. So, you encrypt it, and > require them to use software that won't let them do anything with > the information but send you a package and charge you. > > Of course, they would have to agree to use such software, and it > would have to be open source so that you could check whether it > works correctly. > Hmm... Verified by Visa already takes care of this... No DRM required. Encryption yes, but only between Visa & the merchant (Besides the usual SSL/TLS connections for the browser of course). There's no need for anything more than H -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEhEdd/3QXwQQkZYwRArHkAJ4gAmgq1vEuYW2tJpw0gXPVVtNEXACglAtx eTM3W1j9rn3UcNmYiqrWE6o= =7o65 -----END PGP SIGNATURE----- _______________________________________________ Open-graphics mailing list [email protected] http://lists.duskglow.com/mailman/listinfo/open-graphics List service provided by Duskglow Consulting, LLC (www.duskglow.com)
