
Is there any guarantee each vendor will only ever use one signing key? Or might we have problems swapping from one Dell to another Dell, for example?



I would imagine they'd have to use new ones every once in a while.

What I am most worried about is a vendor's key becoming compromised (whether cracked or stolen), which means that a revocation mechanism is missing.

Even with revocation implemented, such equipment would be rendered useless (I imagine the vendor would have to cover for replacements).


Discussed later in the video. But this is possible, which adds another layer of complexity if one tries to track pulls.



