Microsoft tries to block Linux off Windows 8 PCs

Thu Sep 22 16:50:01 UTC 2011

| From: Scott Elcomb <psema4-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| On Thu, Sep 22, 2011 at 11:33 AM, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
| > | From: Scott Elcomb <psema4-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
| >
| > | My question is what will happen when relevant Certificate Authorities
| > | get "hacked" - ala DigiNotar and Comodo?
| >
| > There is no CA, at least according to the article referenced in the
| > first post.
| 
| OK, you got me... I didn't read the article Colin referred to - but
| had read several other articles before noticing the thread.
| 
| Here's a relevant quote from The H:
| 
| "This requires any firmware and boot process software – including boot
| loaders as well as elements such as UEFI drivers for on-board
| components and expansion cards – to be signed by a trusted Certificate
| Authority (CA)."
| 
| Source: <http://www.h-online.com/open/news/item/Community-fears-Windows-8-Secure-Boot-will-block-Linux-1347997.html>

A public-key cryptosystem does not require certificates (certificates
are almost always X.509 these days).  Most people don't realize this.
So much so that, as far as I know, FreeS/WAN (and its successors) are
the only IPSec implementations that support bare public keys.

(I bought a Linksys WRV200 because the manual said it supported bare
public keys -- I knew that it had my code in it.  When I got the
router, it did not support them.  It was running my code but they had
blocked the feature (and didn't release the source for a long time,
violating the GPL).)

So: it was plausible that no CA was involved.  But it may not be the
case.  I've not read the standard.

| > And hacking like this gets you thrown in jail in the US (DMCA) and
| > soon to be in Canada (on this fall's legislative agenda by all
| > accounts).  Hardly a basis for an above-board company's business
| > model.
| 
| Oh, agreed.  But, as evidenced by the DigiNotar hack (and plenty of
| other examples), that won't stop those who are not above-board.

Right.  My point was that the desktop Linux vendors would be driven
out of business since they cannot reasonably base a business on
illegal circumvention.