[cryptography] How are expired code-signing certs revoked?

Jon Callas jon at callas.org
Sat Dec 10 15:13:46 EST 2011


On 9 Dec, 2011, at 9:15 PM, Peter Gutmann wrote:

> Jon Callas <jon at callas.org> writes:
> 
>> If it were hard to get signing certs, then we as a community of developers
>> would demonize the practice as having to get a license to code.
> 
> WHQL is a good analogy for the situations with certificates: it has to be made
> inclusive enough that people aren't unfairly excluded, but exclusive enough
> that it provides a guarantee of quality.  Pick any one of those two.
> 
> (I have a much longer analysis of this, a bit too much to post here, but
> there's a long history of vendors gaming WHQL and the certifiers looking the
> other way, just as there is with browser vendors looking the other way when a
> CA screws up, although in the case of hardware vendors the action is
> deliberate rather than accidental).

Sure, and that's why the assurance system and the signatures have to be tied together and the incentives have to be aligned. In a software market where the app store itself is doing the validation, doing the enforcement, signing the code, and taking the responsibility for both delivering the software and backfilling the inevitable errors, you'll see the *system* lower malware. But even in that, it's the system that's doing it, not digital signatures. The signatures are merely the wax seals. The quality system has to be built to create and deliver quality. That is the sine qua non of this whole thing.

I think we agree that trying to build quality by giving certificates to developers is a fantasy at best.

	Jon
