Re: [cryptography] How are expired code-signing certs revoked?

Thu, 08 Dec 2011 08:31:16 -0800 

2011/12/7 Marsh Ray <[email protected]>:
>
> On 12/07/2011 07:01 PM, lodewijk andré de la porte wrote:
>>
>> I figured it'd be effective to create a "security awareness group"
>> figuring the most prominent (and only effective) way to show people
>> security is a priority is by placing a simple marking, something like
>>  "this site isn't safe!"
>
>
> I thought the international symbol for that was already agreed upon:
> goatse.cx
>
>
>
> On 12/07/2011 07:13 PM, lodewijk andré de la porte wrote:
>>
>> I'm afraid signing software is multiple levels of bullocks. Imagine a
>>  user just clicking yes when something states "Unsigned software, do
>> you really want to install?".
>
>
> You're just thinking of a few code signing schemes that you have direct
> experience with.
>
> Apple's iPhone app store code signing is far more effective for example.
https://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to