Marsh Ray <[email protected]> writes:

>Apple's iPhone app store code signing is far more effective for example.

The effectiveness of that isn't the PKI or the signing though, it's that Apple vets the apps before allowing them in the store. You don't need certs, all you need to do is have Apple sign the apps with a key that's burned into the iPhone. PKI in this case just gets in the way. Heck, you don't even need signatures, just have the iPhone contact Apple and say "I just got fed something with this hash, is it OK?".

(Due to a confusion over certs, you couldn't until recently even verify the signatures yourself because Apple published a different cert on their web site than the one they used for signatures. But in any case any use of PKI, and possibly even signatures, in this case is just unnecessary complexity).

Peter.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
