Hmm. Yeah, we'll definitely have to set up an OCSP responder. (Gonna have to think about that one a bit more). In the short run we can make sure we have a CRL in place.
I've got some bigger ideas on how to bring a complete WoT into it, but I suspect we'll be well served by starting with just the CoApp CA and moving towards the higher goals as we can.

I think that I've got some small work to do with the bootstrapper so that when CoApp bootstraps you see the Outercurve cert, but when the actual package installs, if you elevate, you see *that* publisher... not too hard tho; luckily I already pick and choose when to elevate.

G

________________________________________
From: coapp-developers-bounces+garretts=microsoft....@lists.launchpad.net [coapp-developers-bounces+garretts=microsoft....@lists.launchpad.net] on behalf of William A. Rowe Jr. [[email protected]]
Sent: Wednesday, January 04, 2012 1:47 PM
To: Mark Stone
Cc: [email protected]
Subject: Re: [Coapp-developers] Codesigning for the masses.

On 1/4/2012 1:31 PM, Mark Stone wrote:
>
> I guess my first question would be: "If this is such a great idea, why isn't it already
> being done elsewhere?".

It is... that's precisely what most packagers do, they ship out their pgp keys and have the user add this to their web of trust in order to accept packages for the new version / validated by the new pgp key.

On Windows, it isn't... I think nobody's had the balls to replace the root chain.

I half expect a long rant from Gibson explaining how CoApp seeks to eliminate all the security from the internet :-P

Brilliant Garrett, as the 'umbrella' of a distinct 'environment', it seems entirely sensible to inject a root key and treat this as a WoT. If we have the capacity, it would be helpful to inject the OCSP authority and set up an OCSP responder.

Of course code signing and revocation all mean nothing with system services at startup time, prior to having a useful network stack.

_______________________________________________
Mailing list: https://launchpad.net/~coapp-developers
Post to : [email protected]
Unsubscribe : https://launchpad.net/~coapp-developers
More help : https://help.launchpad.net/ListHelp

