[Cryptography] Cryptographic signing of software is security theater

Stephen Farrell stephen.farrell at cs.tcd.ie
Sun Dec 4 22:11:25 EST 2022



On 04/12/2022 00:01, Peter Gutmann wrote:
> Ah yes, "we take security seriously", the thoughts and prayers of computer
> security.

There must by now be enough examples of completely defunct
companies who made such statements that someone could have
described what happened on the inside before issuing
such a statement. I can't recall examples of such though,
so does anyone have some? (I'd be most interested in ones
where the "seriously" was demonstrably bogus of course as
that'd nicely confirm at least my suspicions:-)

Ta,
S.
