Keith Brown poses (yet another) interesting question on DOTNET-CLR this week:
What do you guys plan to do if your private key is compromised?
My reaction would consist of five stages:
C:\Development> dir /s bristowe.snk
 Volume in drive C has no label.
 Volume Serial Number is 1234-5678.
File Not Found
"Hmm... that's odd."
C:\Development> dir /s *.snk
 Volume in drive C has no label.
 Volume Serial Number is 1234-5678.
File Not Found
"Uh oh."
C:\Development>cd ..
C:\>cacls Development
C:\Development Everyone:(OI)(CI)F
"Who did this?"
"What else is gone?"
"I'm sure I didn't sign the latest build with my keyfile..."
(Manager enters room.)
Manager: "v1.0 is out the door. Oh, and before I forget, you'd better let me store our keyfile to disk for safe keeping."
"Eep."
Unfortunately, this is a highly probable scenario.
6:19:26 AM