Jean-Marc Desperrier wrote:
> You don't care *who* the owner of the cert is. What you care about is if
> he intends to use his signing cert to distribute spyware extensions. And
> his identity tells you nothing about that.

No, but it does tell you whose door the police can go knocking on if he logs into your online banking and steals all your money. Identity is a reasonable proxy for intention, because criminals don't want to be caught.

> What you'd really want is some process to review the requester (or his
> code) before granting him the code signing certificate.

Except that you would need to review all the code before it was signed, not just at the beginning, and (in the case of malicious intent) find things the code did which the code author was intending to hide from you. Which is impractically expensive and time-consuming.

> But we know in advance no process will be perfect. So what's really
> important is to have the absolute guarantee that his certificate gets
> revoked as soon as you decide it should. And a very efficient
> dissemination process for revocation information, relying on the user
> downloading tens of CRLs from various CAs will never fit the bill.

So it seems that you are suggesting that we should issue code-signing certificates to anyone who wants them, and use revocation to pull out the bad actors? The problem with that is that because there's no strong identity, the bad actor will just go back and get another code-signing cert from you and repeat the process.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto