Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Discuss] Why the dislike of X.509?

> On 8/26/2014 1:01 PM, markw at wrote:
>> There is no such thing as a security system that has "one" entity, well,
>> perhaps a stone or a brick. There is *always* at least one mechanism that
>> protects and one mechanism that provides access.
> An example is a code signing key. In a shared system, many agents
> possess copies of this key. Each agent is an entity. Each of these
> entities is a single point of compromise.

This is basically a strawman argument because while it could be done this
way, no one in their right minds would do it this way. That does not
typify what a shared system would look like.

> In a distributed system, the code signing key is split and distributed
> among several agents. Again, each agent is an entity. Since no one
> entity has the entire key the compromise of one entity cannot compromise
> the whole key and thus the whole system.

But, the code signing is exactly the point. There is a "key" that signs
the code and there is another key (cert or whatever) that verifies the
code signing key.

If multiple entities can sign the code with their own key, then clients
must have copies of each cert to verify the signing key. Unless there is a
1:1 relationship between the signers and the signees (which would be
pointless) any one of the clients must maintain all the key certs, in
which case, any one system would compromise the whole.

> Does the explanation make sense?

No, not really.

> --
> Rich P.

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
