[Discuss] Why the dislike of X.509?
Richard Pieri
richard.pieri at gmail.com
Tue Aug 26 14:23:39 EDT 2014
On 8/26/2014 1:37 PM, markw at mohawksoft.com wrote:
> This is basically a strawman argument because while it could be done this
> way, no one in their right minds would do it this way. That does not
> typify what a shared system would look like.
I didn't say it was smart. In fact, I've been saying that it's bad and
stupid.
> But, the code signing is exactly the point. There is a "key" that signs
> the code and there is another key (cert or whatever) that verifies the
> code signing key.
But what verifies /that/ key, hmmm?
> If multiple entities can sign the code with their own key, then clients
> must have copies of each cert to verify the signing key. Unless there is a
Say that you want to have three signing entities (agents, operators,
whatever you want to call them) and require at least two of them in
agreement to sign something. You take the secret key, split it into
three pieces. Give each entity copies of two of the three pieces such
that any two have the complete secret key between them.
More properly, the signing entities have copies of pieces of the key
used to decrypt the signing key which, optimally, is held by the
organization's security officer who has no access to the decryption key.
--
Rich P.
More information about the Discuss
mailing list