coapp-developers team mailing list archive
Message #01213
Re: Codesigning for the masses.
Well, we need to live inside the Authenticode digital code signing, which means that we have to do some things a certain way.
And, from a certain perspective, Authenticode code-signing is somewhat similar to DNS, if you think of the CA as the registrar.
The reason it's not done elsewhere is because the only existing solutions involve a standard CA issuing a code-signing certificate, and since the OS ships with their certificate in the root authority, it works.
Actually, large organizations often have their own internal CA running where they issue certs to internal developers to deliver internal apps.
In a way, I'm suggesting that CoApp become a Root CA of sorts. Except that we install our root when CoApp is installed, instead of it being shipped with the OS.
We can do that, since our MSI is digitally signed with a recognized CA's certificate, and we elevate at install time.
Once we've installed our root, certificates that we issue work very similar to the ones that are issued from the CA, with a couple exceptions:
- They won't work for signing device drivers... Device Driver signing requires a root CA that is cross-signed by the Microsoft Root Authority.
- You can't sign up for crash data from the WinQual labs - they only support the Verisign cert. meh. Screw 'em.
As for 'industry standard'... I'm pretty far ahead of the 'state-of-the-art' here, since generally very few people care about code signing, and those who do just follow MS's guidance (which is "cough up the dough").
G
From: coapp-developers-bounces+garretts=microsoft.com@xxxxxxxxxxxxxxxxxxx [mailto:coapp-developers-bounces+garretts=microsoft.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Mark Stone
Sent: Wednesday, January 04, 2012 11:32 AM
To: coapp-developers@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Coapp-developers] Codesigning for the masses.
This sounds like a really strong idea. I'm surprised that more projects / platforms don't take advantage of the decentralized management architecture pioneered by DNS, and what you're proposing is a kind of DNS-like code signing network.
I guess my first question would be: "If this is such a great idea, why isn't it already being done elsewhere?" This leads me to my naive second question, which is probably worth throwing in here to inform the discussion: "What exactly is the state of the art with respect to code-signing generally, and who, beyond the CoApp project, is exemplifying some 'best practices' here?" A better sense of the industry standard would probably help sort out the strengths and weaknesses of your proposal.
-Mark
--
Mark Stone || mark.stone@xxxxxxxxx || 253-223-2159 || Technical Project Manager, Adxstudio
Co-author and Editor, "Open Sources", "Open Sources 2.0"
Alumnus: VA Linux systems, Wizards of the Coast, Microsoft (Server & Tools Business)
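The proposal above installs a project-owned root CA into the machine's trust store at install time, so that certificates it issues validate like CA-issued ones. The following is an added example (not CoApp's code and not from the thread) showing how an administrator can check which root an Authenticode signature actually terminates at and whether that root arrived via the Windows root program or was added locally; the file path is a placeholder, and the AuthRoot-versus-Root classification is a heuristic noted in the comments.

```powershell
# Added example, not part of the CoApp thread: report which root certificate an
# Authenticode signature chains to, and whether that root is one Windows tracks in
# the AuthRoot (third-party root program) store or one present only in Root, where
# an installer running elevated, as the CoApp proposal describes, would add its own.
function Get-SignerRootInfo {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Root = $null; RootSource = 'n/a' }
    }

    # Rebuild the chain from the signer certificate to find the trust anchor.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline audit; use 'Online' in production
    $null = $chain.Build($sig.SignerCertificate)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Heuristic: roots delivered by the Windows root program live in AuthRoot;
    # a root found only in Root (machine or user) was placed there locally
    # (Microsoft's own roots also sit in LocalMachine\Root, hence the wording below).
    $inAuthRoot    = [bool](Get-ChildItem Cert:\LocalMachine\AuthRoot | Where-Object Thumbprint -eq $root.Thumbprint)
    $inMachineRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root     | Where-Object Thumbprint -eq $root.Thumbprint)
    $inUserRoot    = [bool](Get-ChildItem Cert:\CurrentUser\Root      | Where-Object Thumbprint -eq $root.Thumbprint)

    $source = if ($inAuthRoot) { 'Windows root program (AuthRoot)' }
              elseif ($inMachineRoot) { 'LocalMachine\Root only (Microsoft or locally added)' }
              elseif ($inUserRoot) { 'CurrentUser\Root only (locally added)' }
              else { 'not in a root store' }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        Root       = $root.Subject
        RootThumb  = $root.Thumbprint
        RootSource = $source
    }
}

# Placeholder path; point this at any signed binary, e.g. an installer under review.
Get-SignerRootInfo -Path 'C:\path\to\signed\installer.msi' | Format-List
```

Running this across a fleet makes a locally provisioned root of the kind the proposal installs visible, which is what an administrator would want to inventory before deciding to trust packages signed under it.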