flankenstein - Slashdot User

Comment MashSSL (Score 2) 63

by flankenstein on Tuesday September 18, 2012 @01:02PM (#41375979) Attached to: W3C Releases First Working Draft of Web Crypto API

Why not use MashSSL? That seems like a simpler and better solution.

Comment Re: #1b: an Open UEFI Foundation for ALL DISTROS (Score 1) 521

by flankenstein on Saturday August 04, 2012 @07:24PM (#40881277) Attached to: UEFI Secure Boot and Linux: Where Things Stand

"And what if my distro happens to be a trojan?"

No worse than without UEFI. The point is to bypass the UEFI restrictions, and rely on existing methods of trust -- like reputation and hashsum verification -- instead. Today, if I install a well known distro like Debian or Ubuntu or Fedora, I have a pretty reasonable belief that they're not trying to slip me a trojan. But it could happen.

With UEFI, there's still no guarantee that a distro won't contain a trojan. And with an all-distro UEFI-bypass key, there's still no guarantee. But in both cases, I can still reasonably believe that a well known distro isn't trying to slip me a trojan.

The point of an all-distro UEFI-bypass key is simply to avoid making the user turn off UEFI in the BIOS. So we would sacrifice the purported benefits of UEFI (anti-trojan), but we would still have exactly the same freedoms and risks that we have today without UEFI.

The Open UEFI foundation could state this clearly, so nobody has the illusion that UEFI is protecting against trojans, for the distros using the bypass key.

Comment #1b: an Open UEFI Foundation for ALL DISTROS (Score 1) 521

by flankenstein on Friday August 03, 2012 @10:52PM (#40875223) Attached to: UEFI Secure Boot and Linux: Where Things Stand

> "Approach #1: Create UEFI Secure Boot keys for your particular distribution, like Canonical is doing with Ubuntu."

: : : : : :

Approach #1B:
Instead of limiting it to your distro, let ALL distros share a central Secure Boot key infrastructure. Set up an open foundation to manage it.

Slashdot Top Deals