speedgoose 10 hours ago

It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new Microsoft account by making sure it passes all the requirements?

repelsteeltje 9 hours ago | parent | next [-]

Yeah but isn't the point of these certificates to express trust?

The point isn't (or: shouldn't be) to forcefully find your way through some back alley to make it look legit. It's to certify that the software is legit.

Trust goes both ways: we ought to trust Microsoft to act as a responsible CA. Obfuscating why they revoked trust (as is apparently the case) and leaving the phone ringing is hurting trust in MS as a CA and as an organization.

sidewndr46 8 hours ago | parent [-]

Who on planet Earth trusts a piece of software because Microsoft signed it?

roelschroeven 8 hours ago | parent | next [-]

There are different types of trust, but at the very least with such a signature you can trust that the piece of software is really from Veracrypt and not from a malicious third party.

repelsteeltje 6 hours ago | parent | prev | next [-]

For one: Most if not all virus scanners.

A signature is a signal, not an absolute. Although, to be fair, if Microsoft (or most other CAs) had done a better job, then that trust would have carried more weight than it does currently.

mr_mitm 8 hours ago | parent | prev [-]

Trust isn't binary, it's a spectrum. A signature is a signal that should increase trustworthiness. Not the strongest signal, perhaps even a weak one, but it's not zero.

orbital-decay 9 hours ago | parent | prev | next [-]

That's what VeraCrypt is, a fork of the original TrueCrypt after all the drama, security doubts, and eventual discontinuation. It took a long time and two independent audits to establish trust in it.

subscribed 9 hours ago | parent | prev | next [-]

Probably not French though, given how hostile it appears to be to encryption/security related projects (GrapheneOS had good arguments re: that).

kijin 8 hours ago | parent [-]

The author is now based in Japan, and even owns a veracrypt.jp domain. Meanwhile, the old veracrypt.fr domain redirects to veracrypt.io.

Seems rather clear that he doesn't want French jurisdiction.

fg137 9 hours ago | parent | prev [-]

And Microsoft will be happy to shut that one down because of their incompetence.

So we'd better find a real solution now.