# BLU Discuss list archive


# [Discuss] Why the dislike of X.509?

- *Subject*: [Discuss] Why the dislike of X.509?
- *From*: richard.pieri at gmail.com (Richard Pieri)
- *Date*: Tue, 26 Aug 2014 14:23:39 -0400
- *In-reply-to*: <1f8631d7ffd0d72bad62d810dfa346e2.squirrel@mail.mohawksoft.com>
- *References*: <53F9F6B9.4060505@stephenadler.com> <20140824161132.GE14848@randomstring.org> <be314521ab6bebb6add54d706b042f01.squirrel@mail.mohawksoft.com> <53FA1C3B.70908@gmail.com> <53FB19E5.4080602@aeminium.org> <53FB4A5D.2030305@gmail.com> <CA+h9Qs5GnC6d1ejBQC=crtHwxoDiFWo4Kn+xjt0eiA8Kr733_A@mail.gmail.com> <53FB70E6.50706@gmail.com> <CA+h9Qs5THPNEir7tLZNjzLWMpod=9UGWTSCeZS2nCwVY0Ox=-w@mail.gmail.com> <53FB7F0A.40105@gmail.com> <253113e101a6fc1b75e160dfbd3d0dbe.squirrel@mail.mohawksoft.com> <53FB9325.9010200@gmail.com> <a7c1366d330261e2ee4906c8d08d0b94.squirrel@mail.mohawksoft.com> <53FB9E7A.5030808@gmail.com> <946844bdd8420720147712d216f1c037.squirrel@mail.mohawksoft.com> <53FCA1DD.60604@gmail.com> <b1c57a406ed7a4dd35ca5dd248dffb1f.squirrel@mail.mohawksoft.com> <53FCC142.9050805@gmail.com> <1f8631d7ffd0d72bad62d810dfa346e2.squirrel@mail.mohawksoft.com>

On 8/26/2014 1:37 PM, markw at mohawksoft.com wrote:

> This is basically a strawman argument because while it could be done this
> way, no one in their right minds would do it this way. That does not
> typify what a shared system would look like.

I didn't say it was smart. In fact, I've been saying that it's bad and stupid.

> But, the code signing is exactly the point. There is a "key" that signs
> the code and there is another key (cert or whatever) that verifies the
> code signing key.

But what verifies /that/ key, hmmm?

> If multiple entities can sign the code with their own key, then clients
> must have copies of each cert to verify the signing key. Unless there is a

Say that you want to have three signing entities (agents, operators, whatever you want to call them) and require at least two of them in agreement to sign something. You take the secret key, split it into three pieces. Give each entity copies of two of the three pieces such that any two have the complete secret key between them. More properly, the signing entities have copies of pieces of the key used to decrypt the signing key which, optimally, is held by the organization's security officer who has no access to the decryption key.

--
Rich P.
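The two-of-three arrangement described in the message above, sketched as an added example that is not part of the original post or from any list participant. It assumes the three pieces are XOR shares rather than literal chunks of the key, so that an entity holding two pieces learns nothing about the key on its own; all function names are hypothetical.

```python
import secrets
from itertools import combinations

PIECES = 3  # the key is split into three pieces; each entity holds two

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key):
    """Split key into three XOR pieces; all three are needed to rebuild it."""
    p0 = secrets.token_bytes(len(key))
    p1 = secrets.token_bytes(len(key))
    p2 = xor_bytes(xor_bytes(key, p0), p1)
    return [p0, p1, p2]

def distribute(pieces):
    """Entity i receives every piece except piece i (two of the three)."""
    return {
        i: {j: pieces[j] for j in range(PIECES) if j != i}
        for i in range(PIECES)
    }

def combine(*holdings):
    """Pool the pieces of cooperating entities; None if any piece is missing."""
    pooled = {}
    for held in holdings:
        pooled.update(held)
    if len(pooled) < PIECES:
        return None  # a lone entity always lacks exactly one piece
    key = bytes(len(pooled[0]))
    for j in range(PIECES):
        key = xor_bytes(key, pooled[j])
    return key

def demo():
    # Constructed sample: the key that decrypts the (separately held) signing key.
    kek = secrets.token_bytes(32)
    holdings = distribute(split_key(kek))
    any_two_rebuild = all(
        combine(holdings[a], holdings[b]) == kek
        for a, b in combinations(range(PIECES), 2)
    )
    one_alone_fails = all(combine(holdings[i]) is None for i in range(PIECES))
    return any_two_rebuild, one_alone_fails

if __name__ == "__main__":
    print(demo())
```

Had the key simply been cut into three chunks, each entity would already hold two thirds of its bits; with XOR pieces the missing third piece is uniformly random, so two pieces carry no information about the key.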
