Re: Digitally sign my own DLL?
- From: "David Ching" <dc@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 20 Jan 2009 06:56:08 -0800
"Pierre Couderc" <pecouderc@xxxxxx> wrote in message news:gl47s4$oo8$1@xxxxxxxxxxxxxxxxxxxxx
There are some philosophic and practical problems with that :
- in what sense are "you" more "untrusted root authority" than Verisign? if you have established a relation with for example a customer, you are more trusted from him that a Verisign, that he has never hear of.
This is the reason why we use our own CA certificate (that we install in our setup.exe without any protest from Vista).
- are we sure that all the CA listed in MS list of trusted CA, are so sure that no "hacker" can get such a publisher certificate. If they were so sure, they would not try to develop "Extended validation" procedures, see http://www.cabforum.org/
- it may be strange that MS let you install silently a new CA into to the list of trusted CA but this is logical : if you trust someone enough to execute its code, you can trust its CA (Certification Authority).
I suppose the thing stopping this is that your setup.exe itself was signed by a non-trusted CA, so in order to run your .exe, the user will see it is not trusted. To get the ball rolling, the first thing (your setup program) must be signed by a pre-approved CA.
-- David
.
- Follow-Ups:
- Re: Digitally sign my own DLL?
- From: Alec S.
- Re: Digitally sign my own DLL?
- References:
- Digitally sign my own DLL?
- From: Simon
- Re: Digitally sign my own DLL?
- From: Joseph M . Newcomer
- Re: Digitally sign my own DLL?
- From: Alec S.
- Re: Digitally sign my own DLL?
- From: David Ching
- Re: Digitally sign my own DLL?
- From: Pierre Couderc
- Digitally sign my own DLL?
- Prev by Date: A (basic) problem with edit control
- Next by Date: Re: creating a CToolBar inside A CFormView
- Previous by thread: Re: Digitally sign my own DLL?
- Next by thread: Re: Digitally sign my own DLL?
- Index(es):
Relevant Pages
|
