[cryptography] How are expired code-signing certs revoked?

Nico Williams nico at cryptonector.com
Fri Dec 9 18:00:45 EST 2011


On Fri, Dec 9, 2011 at 4:41 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> This strengthens the argument for digital signatures as a means of
>> providing upgrade continuity and related application grouping /
>> isolation, as in the Android model.  No need for a PKI then, no need
>> to pay for certificates.
> Android also make the application a security principal for resource
> sharing (its a smarter walled garden approach). Its an awesome
> approach, especially when compared to Windows and *nix where sharing
> is generally based upon a login context and enforced through DACLs.

That's what I meant by "isolation" :)

> It never hurts to wish.

:(



More information about the cryptography mailing list