SoylentNews

mendax [soylentnews.org] writes:

Ars has a story [arstechnica.com] about a new software project that could be a solution (temporarily at least) to the problem of government forcing companies to turn over signing keys. From the article:

Cothority, a new software project designed to make secret backdoored software updates nearly impossible, is offering to help Apple ensure that any secret court orders to backdoor its software cannot escape public scrutiny.

Currently, when Apple or any software maker issues a software update, they sign the update with their encryption keys. But those keys can be stolen, and a government could coerce the company to sign a backdoored software update for a targeted subset of end users—and do so in secret.

Cothority decentralises the signing process, and scales to thousands of cosigners. For instance, in order to authenticate a software update, Apple might require 51 percent of 8,000 cosigners distributed around the world.

The article does, however, point out that

Cothority can't defend against a "bug door" slipped into iOS by, say, an undercover NSA employee working for Apple. Nor can it prevent the government from coercing Apple to backdoor all iOS devices.

Original Submission