Other Software > Developer's Corner

Digital Signature to verify Publisher...

<< < (3/4) > >>

Shades:
I totally agree with your reasoning f0dder. And indeed, my research served a specific purpose, it was for a piece of software that quite a lot of big companies pay annually for (a number with 4 to 5 zeroes behind it, depending on their size)...so there was already a level of trust and with self signed cert's also an increased level of safety.

f0dder:
I totally agree with your reasoning f0dder. And indeed, my research served a specific purpose, it was for a piece of software that quite a lot of big companies pay annually for (a number with 4 to 5 zeroes behind it, depending on their size)...so there was already a level of trust and with self signed cert's also an increased level of safety.
-Shades (June 27, 2008, 07:11 PM)
--- End quote ---
Yes, for some very specific situations, a self-signed cert can be safer than blindly trusting root CAs. But you need to design your software just right, otherwise it's a train wreck on it's way :) - and self-signed cert certainly isn't a good idea for regular web sites.

jojo99:
One of the bigger companies that sell code certificates is Comodo (the same people who offer the free Comodo firewall).  Looks like code signing certs are $167/year.  Go here:
http://www.instantssl.com/code-signing/index.html

Ehtyar:
Microsoft's code signing is nothing short of a complete disgrace. I'll stick with the good ol' gpg sig with the release.

Ehtyar.

f0dder:
Microsoft's code signing is nothing short of a complete disgrace. I'll stick with the good ol' gpg sig with the release.-Ehtyar (July 12, 2008, 08:41 AM)
--- End quote ---
It's a good idea, but probably not implemented/enforced in the best way possible... especially because it's not really attainable for hobbyist developers.

Navigation

[0] Message Index

[#] Next page

[*] Previous page