[cryptography] How are expired code-signing certs revoked?

Jeffrey Walton noloader at gmail.com
Fri Dec 9 18:11:37 EST 2011


On Fri, Dec 9, 2011 at 6:00 PM, Nico Williams <nico at cryptonector.com> wrote:
> On Fri, Dec 9, 2011 at 4:41 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>>> This strengthens the argument for digital signatures as a means of
>>> providing upgrade continuity and related application grouping /
>>> isolation, as in the Android model.  No need for a PKI then, no need
>>> to pay for certificates.
>> Android also make the application a security principal for resource
>> sharing (its a smarter walled garden approach). Its an awesome
>> approach, especially when compared to Windows and *nix where sharing
>> is generally based upon a login context and enforced through DACLs.
>
> That's what I meant by "isolation" :)
Gotcha - my bad.



More information about the cryptography mailing list