And why you have to 'get a certificate request signed by a CA' ?
I can do SSL all day long with a self-signed (or even expired) certificate.
The only thing that the CA validates (the encryption will still be there) is
that you are whom you are claiming to be, but if you don't care (I don't
drop my credit card unless the certificate is 'validly signed'), I still go
ahead (as happens on some I-wonder-why SSL(ed) Ubuntu support pages).
I may be dumb, though...
ET
Eric Shubert writes:
On 06/10/2012 01:11 PM, Lisa Kachold wrote:
Microsoft responded by saying that there was no mandate from Microsoft
that prevents secure booting from being disabled in firmware or that
keys could not be updated and managed.
I think this is key to understanding the situation. Anyone can easily
disable secure booting and people can do as they please, as they do
presently.
In order to use secure booting with an alternative OS, one simply needs to
get a certificate request signed by a CA (a service which comes with a
fee), much the same as certs are done for SSL. This would be one cert per
OS, not per computer. I'm not certain of the details of how to do this,
but this is my understanding of the process.
BL, if you don't want or need secure booting, things are pretty much the
same as they've always been. I doubt that most people would notice a
difference between UEFI and traditional BIOS per se. The differences are
largely between different vendor's implementations, as has always been the
case.
As Larry said earlier, much to say about nothing.
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
