"Patching secure assemblies whose digital certificate has expired" ??
- From: "Arnie" <jefferyronaldarnett@xxxxxxx>
- Date: Thu, 1 Dec 2005 15:12:24 -0700
"We use an Authenticode (digital code signing) certificate from Verisign to
digitally sign our .NET assemblies, and to ensure the assemblies in a
calling tree are authentic as each class and public method in secure
assemblies are decorated with this attribute:
[System.Security.Permissions.PublisherIdentityPermission(SecurityAction.LinkDemand,
X509Certificate=CodeIdentity.PublisherX509Certificate)]
which has the effect of ensuring that the set of secure assemblies have all
been signed with our Authenticode certificate and are therefore authentic.
The issue that we have is that once such a set of secure assemblies has been
deployed to our customers, and the Authenticode certificate used to sign
them has expired, is it possible to create a "patch" (a small subset of
updated/fixed assemblies) that will work with this old set of secure
assemblies, or must we (at a minimum) re-sign all these assemblies with a
new, valid Authenticode certificate and redeploy the whole set along with
the few that are being updated?
If it is not possible to perform such a "patch", is Microsoft considering a
way to securely support such an action? It seems that many .NET clients in
addition to our company would have a need to do this."
-jeff arnett
.
- Prev by Date: Re: Calling close on StringReader (or not)
- Next by Date: Re: call .net 2.0 assemblies from .net 1.1
- Previous by thread: Compact C# .NET -> How to add TreeView's nodes/items from threads?
- Next by thread: .NET versioning
- Index(es):
Relevant Pages
|
