*countable infinities only

Przemek Klosowski przemek.klosowski at nist.gov
Thu Jun 14 21:28:34 UTC 2012


On 06/14/2012 04:52 PM, Jay Sulzberger wrote:

> ad inability to manage keeping the private half of the Fedora key
> private: This is absurd.  I will be happy to explain methods
> which, if Red Hat wanted, would meet all statutory, and real
> security, and even all anti-FUD compliance, requirements.  This
> claimed inability is not reasonable.  Why?  Because your position
> implies that you trust Microsoft and the hardware vendor more
> than you trust yourselves in this.

I should know better than to wade into this discussion, but I couldn't resist. 
I will try to stay away from the large-scale argument and limit myself 
to simple observations. In this case, I believe that you significantly 
underestimate the complexity of running a certificate authority. It's 
not just a matter of keeping the private key private.

The whole point of being an authority is to issue proper certificates, 
and to do that meaningfully you have to vet applicants, keep track of 
valid and invalid certs, handle the renewals and revocations. In fact, I 
suspect that the actual cost of doing it properly far exceeds the 
$99/cert, and that in fact instead of Fedora paying Microsoft, MS will 
be subsidizing Fedora at these prices.

> ad your answer to 2: I cannot this afternoon think of a way of
> making clear to you what you say.

Actually, throughout this discussion, I had the impression that you are 
the one who isn't articulating your position clearly. I think that your 
main concern is that SecureBoot is the camel's nose under the tent, 
a first step towards a comprehensive signed environment where only 
'approved' code can run, all the way from firmware to kernel to user 
programs---not because of security but to ensure control of digital 
content by large publishers. That's why you keep bringing up DRM and 
DMCA.

I personally share your long-term concern, and thank you for your 
advocacy on this issue. At the same time, I think that SecureBoot is a 
valid security technology; just like we sign RPM packages and prevent 
installation of unsigned software, it makes sense to me to have 
technical means of preventing running system software of unknown 
provenance. As long as there is end user control (off switch, and 
installation of third-party keys), it does not inexorably lead to the 
DRM-driven lockdown.

> Note that Microsoft, in combination with the hardware vendors,
> succeeded in the last few years, in removing just about GNU/Linux
> system from "netbooks".  Some years ago many netbooks were
> shipped with GNU/Linux, but Microsoft put an end to this.

The fact that Linux on netbooks did not become a worldwide success
has very little to do with MS machinations. For one thing, the Linux 
offerings were not that good ('eee' is just about right), and for 
another, the world has moved away from netbooks. Linux moved on, found a 
sweet spot in Android, and trounced MS on tablets/smartphones.
