[Cryptography] Cryptographic signing of software is security theater
Kevin W. Wall
kevin.w.wall at gmail.com
Tue Dec 6 20:35:24 EST 2022
On Tue, Dec 6, 2022, 4:55 PM Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:
> Stephen Farrell writes:
> >On 04/12/2022 00:01, Peter Gutmann wrote:
> >>Ah yes, "we take security seriously", the thoughts and prayers of
> computer
> >>security.
> >
> >There must by now be enough examples of completely defunct companies who
> made
> >such statements that someone could have described what went happened on
> the
> >inside before issuing such a statement. I can't recall examples of such
> >though, so does anyone have some?
>
Didn't DigiNotar go defunct as a result their breach? Well, maybe not
defunct, but their CA business was taken over by the Dutch government,
wasn't it?
-kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20221206/2618fcfc/attachment.htm>
More information about the cryptography
mailing list