Hacker News
by
tjoff
88 days ago
You can't get the private key but you can sign with it, which is still plenty bad.
bob1029
88 days ago
The private key should be tightly scoped to its context of use. I would definitely agree with you if it's one key that rules the entire kingdom.
tjoff
88 days ago
Not sure I follow? Let's say it is limited to one use only, sign an app.
Since I've got control of the box I can now use it to sign any app. Isn't that bad enough?