[cryptography] How are expired code-signing certs revoked?

Michael Nelson nelson_mikel at yahoo.com
Wed Dec 21 17:24:31 EST 2011


> With that said, I propose that "code signing"
and
> then enforcing some kind of "use sanctioning" protocol
> by the
operating system vendor is an idiotic idea, and
> fortunately one that has been proven
as completely
> impractical

Somewhat related: The IEEE is asking for proposals to develop and operate a CA as a part of their Taggant System.  This involves signing to validate the usage of packers (compressing executables).  Packers can make it hard for anti-virus programs to spot malware.

http://standards.ieee.org/develop/indconn/icsg/ 


Does this strike you as impractical?  It seems obvious to me that it will be a wasted effort.

Mike N



More information about the cryptography mailing list