[cryptography] code signing a nuisance?

M.R. makrober at gmail.com
Wed Sep 21 02:52:08 EDT 2011


On 20/09/11 21:48, Peter Gutmann wrote:
> ...to sign their code.
> ...I get the impression they see
> security as a nuisance to be bypassed rather than a real requirement.
>
I'd like to assure you that code signing and the associated need
to buy a certificate service from a third party is viewed as a
"nuisance to be bypassed" by a great majority of independent
software vendors.

Nobody is happy to see ~his~ product, which he ~knows~ presents
no threat to his customer, encumbered in both the construction and
the distribution to such a level in order to protect the buying
public from ~someone else's bad product~. It's "business 101" really.
And like always, the smaller the product, the more of a nuisance
this becomes. And like always, "the regulator" just wouldn't
admit that the regulation is an ill-conceived measure, which
encumbers the producer and does not really solve the problem that
was used as an excuse to introduce it in the first place, mostly
for the hidden "fringe benefits" that it brings to the regulator.

Mark R.



More information about the cryptography mailing list