www-infrastructure-dev mailing list archives

From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: Official code signing certificate
Date Fri, 12 Apr 2013 15:52:15 GMT
On Mon, 25 Mar 2013 16:48:41 -0700
Clint Modien <cmodien@gmail.com> wrote:

> I'm not sure if it's economical or not… but if the approach is to
> provide private keys and certs to each project it might be wise for
> them to also be unique for each project.

They won't be signed.  Authenticode key signing is structured

> That way if a cert/key pair is compromised in one project it doesn't
> impact other projects.

Couldn't agree more, a moronic design if you asked me.

The Symantec code signing service, however, ties a distinct key
to each signed object in an auditable method.

As Rob is fond of pointing out, there are literally hundreds of
moving parts in their release (and similarly in the httpd release
as well - each loadable module must be signed).  I've asked and
been assured that the Symantec service would have a batch/group
automation-friendly submission process that could make this
relatively painless.

When I scoped the first ASF-hosted service, I envisioned then
editing each .rc resource entity in the binaries to associate
them to the pgp key which had submitted them for signing, before
then authenticode-signing the objects.  But this still suffers 
from exactly the threat you identified above.
