User: Password:
Subscribe / Log in / New account

Third party approval unique?

Third party approval unique?

Posted Feb 28, 2013 9:07 UTC (Thu) by stevan (subscriber, #4342)
Parent article: Loading keys from Microsoft PE binaries

From a freedom-appreciating user's perspective, it doesn't feel right to start kow-towing to an antagonistic third party on the basis of what they may or may not do with a power you have gifted to them. I was wondering, though, whether this is a unique issue in the kernel's development or whether similar issues have arisen in the past. If so, how were they handled then?


(Log in to post comments)

Third party approval unique?

Posted Mar 6, 2013 9:02 UTC (Wed) by ortalo (subscriber, #4654) [Link]

IMO, that's pretty much the first time such an issue arise in practice at this scale.
Precedents with similarity are TCPA and TPM chipsets, but those explicitly allowed user-generation of secret keys. Analogy can be made with older things too (like the "Clipper chip"). But none of these were scheduled for generalization. None of these were under control of a single company.
The idea of a secure BIOS/ROM itself is pretty old btw. M$ applied it already more or less to the XBox. But personally, I view it as unapplicable in practice outside of niche markets because it involves centralized control of the signing key - and that is nearly impossible to do realistically (we are starting to see it... then you'll have revocation, compromise of keys, etc. Imagine how all this will collapse when the ONLY secret key will be attacked. ;-).

The other precedent is in the mobile phone space with network-operator locking of (subsidized) mobile phones, but not with open source software (and usually relying on the SIM smart card as a security kernel - which is probably a much better idea IMO).

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds