Yep, I guess we do disagree on this. I don't see a significant difference in attack surface to build and package signing infra, which already regularly gets popped and that's good enough to defeat FDE today. Where do you see the difference?
I saw it; I think you're ignoring the build server component. Anyway, you believe that the current state of security for build and package signing is acceptable, right? (I find this surprising, but okay.) If the same system was reused for key escrow, would that be secure?
I think today's system is a compromise that works given its use case and is largely acceptable. If you layer on the authentication and frequency requirements that would be required for escrow, I think that would no longer be the case.
Sure, if the frequency was capped somehow, that would be acceptable? Let's say, the law encodes some SLA for vendors that you believe package signing infrastructure can reasonably sustain. I don't know if the law can do that, but for discussion purposes.