[Cryptography] Blockchained code signing.
hanno at hboeck.de
Sun May 7 17:45:50 EDT 2017
On Sun, 7 May 2017 10:35:44 -0400
Phillip Hallam-Baker <phill at hallambaker.com> wrote:
> Here is how: You use Certificate Transparency.
> Only instead of enrolling certificates, you enroll signatures on code
> releases. And you establish an update process that ensures that code
> updates will only be retrieved if the signature is properly enrolled.
This idea has already been discussed under the term "binary
transparency", although not a whole lot has happened implementing it,
but Mozilla made some experiments:

However, I'm not really happy with this limited form of transparency.
Ideally I'd like not only to sign and log the software binary, but also
the corresponding source and a build instruction how the source became
Wanted to write down some thoughts on that for a while...
mail/jabber: hanno at hboeck.de