[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fingerprint of the archive signing key

On Tue, Jun 29, 2004 at 10:42:19PM +0100, Andrew Suffield wrote:
> On Tue, Jun 29, 2004 at 06:34:07PM +0100, Colin Watson wrote:
> > Only if the company is foolish enough to allow anyone who wanders in
> > the door to make a signature from their CA.
> Honestly now, do you really think it will be that hard?

*shrug* I've worked at a cryptographic security company. As far as I
know, you haven't.

> Once you have physical access to the user workstations, you can take
> those and work up.

Only if the key security is incompetent, which is inexcusable for a CA.

Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: