On Thu, 14 Jun 2012, Peter Jones <pjones@xxxxxxxxxx> wrote:
On 06/14/2012 01:56 PM, Jay Sulzberger wrote:
If Fedora appears to accept that Microsoft should have the
Hardware Root Key, our side's arguments, in several arenas, are
weakened.
Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA
stuff. It's entirely the wrong place for that.
No. You intend to grant to Microsoft the power to impede
installation of Fedora. The DMCA can today be used to threaten
those who go around the impediment with jail time.
My posts argue that Fedora should neither accept, nor seem to
accept, Microsoft's having the Hardware Root Key. One reason not
to seem to accept Microsoft's having the Hardware Root Key is
that, when arguing for Examption 4, the Englobulators will answer
"Well, there is really no issue here. Why, Fedora accepts that
it is right and proper that Microsoft have the Hardware Root
Key.".
Aside from that, you've still got the facts wrong. What you call the
"Hardware Root Key" the specification calls the "Platform Key" or "PK". PK
serves a couple of functions - it is the ultimate arbiter of what can and
can't add keys to the system, and it is the determining factor as to whether
the Secure Boot feature is enabled. PK will probably not ever be Microsoft's
key on any system. It'll be a unique to each hardware vendor, or possibly
even unique to various business units within a hardware vendor, or anything
else they happen to choose. It's completely their decision as to how they
ship this, and nothing we can do will ever change that.
The specification's words are carefully designed to mislead. As
pointed out, if Microsoft has the Hardware Root Key, then
"SecureBoot" is not a method of securely booting the hardware you
own.
You agree that the key in question is the Hardware Root Key. You
just wrote:
[the PK] is the ultimate arbiter of what can and can't add keys
to the system, and it is the determining factor as to whether
the Secure Boot feature is enabled.
The contents of PK are not and have not ever been the question in this
thread.
Yes, of course, who has the Hardware Root Key is the issue here.
If there is no issue as to who has the Hardware Root Key, why do
you propose having Microsoft sign a Fedora key which allows for
more convenient installation of Fedora? If there is no issue,
Microsoft is not involved. But Microsoft is involved.
P.S. - It looks really strange when you namedrop yourself in your own email.
It's like referring to yourself in the third person, squared.
--
Peter
Thanks, Peter, for responding.
I hope we may soon sit down together with food and drink before
us and discuss rhetoric.
oo--JS.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
