
Comment by rcxdude

10 days ago

> Someone has to be the root authority

No-one has to be, and it certainly doesn't need to be anyone but the owner of the machine.

> No-one has to be, and it certainly doesn't need to be anyone but the owner of the machine.

Technically the web should work with self-signed certificates. But that is likewise impractical.

You can enroll your own certificates as long as you have unlocked firmware. However, in order for vendor ISOs to boot without modification, they need to be signed by some trusted root beyond your control.

  • Not really? The entire use model could be "just show a prompt on first use" which literally MS is trying to kill, because oh it just so happens the status quo basically benefits them and nobody else.

    • I'm not sure what's being complained about here. Most PCs (still) come with Windows, so "first use" will have occurred before you obtained the computer. A motherboard bought separately usually comes unlocked so you can remove the Microsoft certificate if you don't want to trust it anymore. If you're saying that unlocked parts bought individually should not come with any certificates trusted out of the box, I don't necessarily disagree, but this would be a regression in security and convenience for the average user, so it's unlikely to be adopted.
