
Re: Mass bug filing: Cryptographic protection against modification

@ 04/05/2004 08:26 : wrote Henrique de Moraes Holschuh :

On Tue, 04 May 2004, Herbert Xu wrote:
Consider the hypothetical case of a piece of firmware for a peripheral
device that is protected by a cryptographic signature such that the
device will reject anything that is not signed using a specific key.

Let's further assume that the said firmware is distributed with
full source (but without the private key used to make the signature)
and a license saying that you can do whatever you wish with it.

Do you consider this piece of firmware to be distributable in Debian

That depends on the availability of another device that could use the
firmware, and which would not check the cryptographic signature, I

No, it does not. It's Free Software, comes with the source, the /proper/ source, the license permits modification, redistribution, etc etc etc. It's useless, for a lot of people. But then, there are a lot of drivers in Debian that are useless to me, because I don't have the hardware to use them. It's absolutely the same situation. If you go to a certain place and get the key to crypto-sign your modifications, presto! It's useful -- *for you*. If you go to a country where reverse engineering is lawful, you crack a new key, and you post it to the internet, liberating its use, now it's useful to anyone who has the appropriate hardware.

