[cryptography] How are expired code-signing certs revoked?

Michael Nelson nelson_mikel at yahoo.com
Wed Dec 21 17:24:31 EST 2011

> With that said, I propose that "code signing"
> then enforcing some kind of "use sanctioning" protocol
> by the
operating system vendor is an idiotic idea, and
> fortunately one that has been proven
as completely
> impractical

Somewhat related: The IEEE is asking for proposals to develop and operate a CA as a part of their Taggant System.  This involves signing to validate the usage of packers (compressing executables).  Packers can make it hard for anti-virus programs to spot malware.


Does this strike you as impractical?  It seems obvious to me that it will be a wasted effort.

Mike N

More information about the cryptography mailing list