Hacker News new | ask | show | jobs
by surye 2568 days ago
But each device could have it's own unique signing key, signed by a manufacturer master key that is not distributed. Then you could revoke just that one device if the need arises (or even a manufacturer). Isn't this a fairly solved problem in the TLS/CA space?
1 comments
dooglius 2568 days ago
How would you know when to revoke a key?
link
eatbitseveryday 2568 days ago
You seem to know more than you are admitting via your responses here. Perhaps you can share your thoughts, rather than provide responses which defeat the discussion?
link
dooglius 2568 days ago
It's a genuine question, I don't have an argument for impossibility or anything, I just don't see how revocation could practically be done. In scenario A, Joe Schmo buys a camera, happens upon a powerful politician in a compromising situation, and uploads the video to YouTube with a digital signature. In scenario B, Joe Schmo buys a camera, actually works for the NSA, uses an electron microscope to extract the private key, and stamps a digital signature on a forged video, uploading that instead. How would any third party be able to differentiate between those? I could imagine potential avenues for solutions (e.g. maybe you could use quantum entanglement to make some sort of tamper-proof chamber around the key in hardware?) but then we're pretty far afield of straightforward PGP/TLS. Not to mention the problem that an adversary like the NSA could just get inside the ASIC fab and copy keys from the machine that prints them.
link
DoctorOetker 2567 days ago
make a distinction between cameras for fun, and cameras for undercover investigative journalism by journalists or citizen journalists.

the first type of camera is the one we have today, the second type would be more expensive, need to stay connected to the group consensus protocol, and need to stay powered, so journalists will be lugging extra batteries, and the camera would have 2 battery ports for switchover...

link
ClassyJacket 2568 days ago
Your logic here could be applied to any form of cryptographic signing. How do we know when to revoke an SSL key? Someone could be misusing them without us knowing. But sometimes we do know.
link
NullPrefix 2568 days ago
When the key signs some embarrassing video it gets revoked as compromised. Simple as that
link