Comments (5)
rmhrisk
commented on August 21, 2024
1
I would like to recommend that the USPKI not issue code signing certificates and instead focus efforts on centralizing and automating the process of code signing.
The issuance of code signing certificates is sufficiently different, I imagine relatively rare, and places the USPKI in a position to sign kernel mode drivers (as an example) for hosts across the globe. Moreover, these certificates would not be covered by Certificate Transparency (at least in a meaningful way).
Centralizing code signing, ensuring code that is signed is done so utilizing good key management, antivirus checking and by authorized people would be a much better focus for the group to spend its efforts on.
I do think time stamping is something the USPKI should do.
from policies.
lachellel
commented on August 21, 2024
1
Agreements:
- Code signing needs addressed outside of this effort and CP / CPS and PKI hierarchy
from policies.
LarryFrank
commented on August 21, 2024
DoD has NOT agreed to do this at this point - I do not care myself - but NSA I4 has serious concerns.
from policies.
weirdscience
commented on August 21, 2024
Code signing will require adopting the Code Signing Baseline Requirements and another root if the subordinate CAs are not technically constrained.
from policies.
konklone
commented on August 21, 2024
This was something @rmhrisk kindly discussed with us at the F2F as well, and it was a persuasive argument.
However, we have not had a chance since the F2F to circle back with @twbaldridge and others. Let's queue this up for our weekly call to discuss.
from policies.
Related Issues (20)
- Mozilla Policy Review: Version 2.6.1 and comments HOT 1
- Section 6.1.5 Algorithms - Update for Mozilla policy HOT 4
- Section 2.3 Time or frequency of publication - update from 15 to 7 days
- OCSP Profile Update - Update CRL references
- Frequently Asked Questions (FAQs): What and Why? HOT 2
- CAB Forum Ballot SC16: Other Subject Attributes HOT 2
- Section 3.2.2.6 Wildcard Domain Validation HOT 1
- Section 5.5 - NARA Archive Requirements HOT 1
- Section 3.2.2.4 and 3.2.2.6 consistency HOT 2
- Remove SHA-512? HOT 2
- RA Verbiage - Confusing? HOT 2
- Delegated OCSP Certificate Validity HOT 2
- CAB Forum Ballot SC17: Alt. Registration Numbers for EV Certificates HOT 2
- CAB Forum Ballot SC19: Phone Contact with DNS CAA Phone Contact v2 HOT 1
- OCSP Error Testing HOT 1
- CAB Forum Ballot SC21 - NSR section 3 (Log Integrity Controls) HOT 1
- Privacy Policy Link redirects to a 404 error HOT 1
- Extra comment closure in new site skin HOT 1
- Accessibility Errors on devicepki.idmanagement.gov
- Repo retirement/public archive HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from policies.