On 9/11/2015 3:23 AM, Peter Bowen wrote:
On Thu, Sep 10, 2015 at 3:54 PM, Peter Kurrasch <[email protected]> wrote:
It seems to me that the benefits of this proposed change are minimal while
the negative impacts to embedded systems are significant. Perhaps I've
missed something?
It should be understood that code signing is very important in the
embedded space--just ask Tesla or Jeep/Chrysler or Nest or other IoT
product developers. If we accept that premise, the question immediately
becomes: How do we put together a good code-signing system and how does
(should?) Mozilla products factor in to that system?
I'm not that familiar with the embedded space, but I'm not clear how public
code signing certificates help these companies. A public code signing
certificate is basically an IV/OV/EV certificate without any DNS Names or
IP Addresses in the SAN extension. It is an identity certificate, which
identifies either an individual or an organization.
The value that it brings is that a relying party can use it to establish
their own trust policy. They can choose to trust software signed by
"Example Corp Inc." but not "FooCorp LLC".
In the embedded space, I would assume there is no human to make these
decisions, so I'm not clear on the value of a code signing certificate.
Even if there is a human to make these decisions, in the embedded space
the decision actually is made by the manufacturer of a device at the
embedding time. So indeed no choice for the human to challenge the
decision which is relies on a particular code signing certificate. I'm
not sure if this reliance is static or assumes regular online status check.
Thanks,
M.D.
How are embedded developers using the Code Signing key usage in NSS?
Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
