fordy said:
Okay, let's assume your vague assumption has any chance of standing in court. In that case: 1. there would have to be a governing body who monitors security keys by corporations. Not only is it not in the corporations interest to be giving them out, it's not the government's interest to be providing backup for stolen keys from corporations. No. it's how Sony id's something that theirs and or comes from them or their stable in their own internal system (like a product number). I.E Sony is the governing body here. 2. Sony would have had to have registered their key with that body. see 1 3. No two companies would be allowed to have the same key. Irrelevant. it is unlikely that one legit company would try pass itself or it's software as anothers. remember GeoHots method allows PS3's to run fake software (or homebrew etc.) as if it came from Sony. 4. The code signing system would only be allowed to accept numbers registered with this governing body. This is what Geohot has circumvented in the PS3 hack. The similarity is way too vague for any enforcement, and the idea of enforcement requires ludicrous rues to be put in place. Sony cannot just declare by themselves "this is our number, and anything published with it shall be ours" to thin air and expect it to hold up in court. Get real. Who'se keys (numbers) are they supposed to use then to identify and verify their authorised software? Microsofts? What is your view on the use of the MD5 Checksum algorithm? is that wrong too? is circumventing that fine as well? And yes, GUIDs can be generated from any point using a corporate IP address. The governing body no longer would need to "issue" them. Any issued GUID would have to be checked for uniqueness which will require some form of body despite the frankly huge numbers of permutations that could be generated. someone will need to issue and conrol the identifier protion |
Proud Sony Rear Admiral