[Cryptography] Blockchained code signing.

Hanno Böck hanno at hboeck.de
Sun May 7 17:45:50 EDT 2017

On Sun, 7 May 2017 10:35:44 -0400
Phillip Hallam-Baker <phill at hallambaker.com> wrote:

> Here is how: You use Certificate Transparency.
> Only instead of enrolling certificates, you enroll signatures on code
> releases. And you establish an update process that ensures that code
> updates will only be retrieved if the signature is properly enrolled.

This idea has already been discussed under the term "binary
transparency", although not a whole lot has happened implementing it,
but mozilla made some experiments:

However I'm not really happy with this limited form of transparency.
Ideally I'd like not only to sign and log the software binary, but also
the corresponding source and a build instruction how the source became
the binary.
Wanted to write down some thoughts on that for a while...

Hanno Böck

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

More information about the cryptography mailing list