<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Do you need threshold signatures for this, or would a quorum of<br>
ordinary signatures work?<br></blockquote><div><br></div><div>You need threshold RSA because the platform auto update mechanisms do not support multiple signatures. They're all designed on the assumption of a single software vendor who controls updates of their own products.</div><div><br></div><div>However, the mathematics is not the hard part of this (assuming the code I have works). The hard part is designing the contracts between the different auditing companies to be watertight, so the developers of an app that is being threshold signed feel safe that they aren't going to lose control over their own product except in the very specific area of security guarantees. For example would those contracts govern UI changes that the auditors feel might make the security harder to understand? Very tricky area and never been done before so there are no templates to copy. Whoever goes first will be cutting a path through the jungle for everyone else.</div></div>