but you see, he cited one which can be attached to homebrew apps which are not developed, suported or distributed by Sony.
Putting a DKNY badge on a wallet does not make it automatically a wallet made by DKNY if you see what I'm getting at.
Except the only boundaries are whether the PS3 accepts it or not. Code signing is a simple mathematical equation if you CITE the number. Besdes your argument is flawed because Sony use the same key for everything, whereas ISBNs and UPCs require one code per product.
And for the record, there is talk about replacing the ISBNs with GUIDs, effectively dissolving the foundation to no more than just a checker for doubleups, so your argument doesn't hold up there, either.
you still don't get my point.
so what if Sony uses the same key to sign every piece of software they autherise?
The point is that GeoHot is not Sony and should have no right to sign something as coming from Sony when he is not Sony. he's flogging fake Sony goods to the PS3 and has told others how to do the same.
GUID is just another number generated and distributed by a protected system. Just like ISBN. There is or will be a controlling body who will assign the numbers. The same will hold true, you won't be allowed to generate a number privately and then claim it came from them, so i don't see how that's too different at all.
Okay, let's assume your vague assumption has any chance of standing in court. In that case:
1. there would have to be a governing body who monitors security keys by corporations. Not only is it not in the corporations interest to be giving them out, it's not the government's interest to be providing backup for stolen keys from corporations. No. it's how Sony id's something that theirs and or comes from them or their stable in their own internal system (like a product number). I.E Sony is the governing body here.
2. Sony would have had to have registered their key with that body. see 1
3. No two companies would be allowed to have the same key. Irrelevant. it is unlikely that one legit company would try pass itself or it's software as anothers. remember GeoHots method allows PS3's to run fake software (or homebrew etc.) as if it came from Sony.
4. The code signing system would only be allowed to accept numbers registered with this governing body. This is what Geohot has circumvented in the PS3 hack.
The similarity is way too vague for any enforcement, and the idea of enforcement requires ludicrous rues to be put in place.
Sony cannot just declare by themselves "this is our number, and anything published with it shall be ours" to thin air and expect it to hold up in court. Get real. Who'se keys (numbers) are they supposed to use then to identify and verify their authorised software? Microsofts? What is your view on the use of the MD5 Checksum algorithm? is that wrong too? is circumventing that fine as well?
And yes, GUIDs can be generated from any point using a corporate IP address. The governing body no longer would need to "issue" them. Any issued GUID would have to be checked for uniqueness which will require some form of body despite the frankly huge numbers of permutations that could be generated. someone will need to issue and conrol the identifier protion
There is a ton of assumption in all of this:
You're expecting the government court to uphold a system by a corporation that could have been fabricated at any time between the court case and the incident.
The code would not have to be passed amongst companies, but if two keys happen to be the same, two companies can accuse the other of copying their key.
Aso GeoHot did not circumvent ANY code. For gods sake, he used the door put there legitimately by Sony.
I have had enough of this stupid, ludicrous analogy. I made an analogy in an "only if" situation and you're trying to argue your way through that. the situation is too vague and you're trying to defend it as much as you can. Unless you actually bring up a decent reason, I refuse to play this little game anymore.