[jerf]

Many private keys have remained private. (So far as we know... and note here I'm talking about private as in asymmetric public/private such as can be used for signing, not "keys that were meant to be private but got leaked".)

In fact, I'd observe the Microsoft private key wasn't even leaked. Another private key was created that due to flaws in MD5 allow someone with vast, vast resources to figure out how to forge another one that would be accepted. One can equally read this as proof that the system is pretty strong, if it took government-level resources to attack a known-weak system that I would imagine won't be in the next signing standard.

We can not assume that private keys will leak. We can not even assemble an argument that the probability is high, which is because it isn't.

[rbanffy]

> it took government-level resources

This year. The next year, it will be half as much. In 10 years, a thousandth. Are we willing to expire boot signing keys every couple years? Are we really comfortable only governments have such power because governments can do no wrong?

[jerf]

In the encryption wars it goes the other way. Encrypters get to make decrypters exert exponentially more effort for only polynomially more themselves, and the systems get stronger over time, not weaker. We've long since passed the point where handheld devices like cell phones can use encryption that would take resources in excess of the entire universe for the rest of time at the maximum theoretical computation rate to brute force. We don't always use that, and there may be (and probably are) weaknesses that can cut that down, but that's the direction this goes in over time, and I can't think of anything that has any chance of changing that dynamic. Even a proof of NP = P wouldn't do it (that only potentially nails certain forms of encryption used today, there are others that would still not be vulnerable), and if that's not enough....

[rbanffy]

I know all that, but you have to agree UEFI makes everybody put a lot of trust on a series of black boxes we cannot inspect. Even if we assume getting a set of signing keys requires more computing power than physically available, we cannot rely on it not being available through less compute-intensive ways.