Re: fingerprint of the archive signing key
On Tue, Jun 29, 2004 at 10:42:19PM +0100, Andrew Suffield wrote:
> On Tue, Jun 29, 2004 at 06:34:07PM +0100, Colin Watson wrote:
> > Only if the company is foolish enough to allow anyone who wanders in
> > the door to make a signature from their CA.
> Honestly now, do you really think it will be that hard?
*shrug* I've worked at a cryptographic security company. As far as I
know, you haven't.
> Once you have physical access to the user workstations, you can take
> those and work up.
Only if the key security is incompetent, which is inexcusable for a CA.
Colin Watson [firstname.lastname@example.org]