coapp-developers team mailing list archive

Thread
Date

Codesigning for the masses.

To: "coapp-developers@xxxxxxxxxxxxxxxxxxx" <coapp-developers@xxxxxxxxxxxxxxxxxxx>
From: Garrett Serack <garretts@xxxxxxxxxxxxx>
Date: Wed, 4 Jan 2012 19:15:00 +0000
Accept-language: en-US
Thread-index: AczLEk5eGVIHvd14QXavzTcPculkBA==
Thread-topic: Codesigning for the masses.

I've been thinking this over for a bit, and I've come to a bit of a revelation.

I want to issue code-signing certificates to individuals so they can publish their own open source packages.

I've got a longer-term goal of creating a web-of-trust layer on top of the existing Authenticode digital signing system, but that's really going to take forever, and I'm now of the opinion that doing something useful now is better than doing something perfect later.

What I'm proposing

We create a root certificate that can be used as a root to generate code-signing certificates.

Include this root certificate with CoApp itself, and install it into the root certificate authorities at install time.

For CoApp contributors that have signed the CoApp CLA, I issue a personal code-signing certificate to each person who wishes to publish their own packages.

Using CoApp's SimpleSigner and Autopackage tools, they will be able create their own packages, and be able to upload them to the CoApp.org server where once instantly validated, they get added to the http://coapp.org/feed package feed.

We would need to have a certificate revocation list published on http://coapp.org/ and embedded in the root certificate so that we could revoke a certificate if need be.

We'd keep the certificate validity down to 6 months between renewals.

In the event someone went insane and stopped playing nice, we revoke their certificate, and publicly flog them.

Essentially, this is a way for me to delegate publishing binaries of software to individuals who participate in the project.

We're still in Beta, so I think this is the best time to try this, and work out the kinks before we hit 1.0 Release.

In the short run, I'll manually manage the process of handing out certificates to individuals.

Worst Case Scenario
If this turns out to be a really stupid idea for some reason, we can easily remove the CoApp root certificate, thereby invalidating all the certs.

What do you think? I want feedback!

[Description: Description: Description: fearthecowboy]<http://fearthecowboy.com/>

Garrett Serack | Microsoft Senior Open Source Software Developer | Microsoft Corporation
Office:(425)706-7939 email/messenger: garretts@xxxxxxxxxxxxx<mailto:garretts@xxxxxxxxxxxxx>
blog: http://fearthecowboy.com<http://fearthecowboy.com/> twitter: @fearthecowboy<http://twitter.com/fearthecowboy>

I don't make the software you use; I make the software you use better on Windows.

Follow ups

Re: Codesigning for the masses.
From: Pau Garcia i Quiles, 2012-01-05
Re: Codesigning for the masses.
From: Mark Stone, 2012-01-04