On 22/10/2016 00:57, Jernej Simončič wrote:
On Fri, 21 Oct 2016 10:03:46 -0700 (PDT), Han Yuwei wrote:
I am also a StartCom's SSL & S/MIME certificate user. The only problem for me
is that I must re-config nginx. S/MIME have a lot of alternatives for free. Code
Signing may only works on Windows but Microsoft seems like don't care about this
because CNNIC is still trusted.
In my experience, StartCom's non-EV codesigning certificates were never
actually useful - they explicitly disable timestamping, so after the
certificate expires, the signature is rendered invalid.
That stinks.
While Mozilla doesn't care about code signing and Microsoft's root
store may be lax, I think there are probably a lot of (current)
StartCom low cost OV codesigning customers who will need a suggestion
for an alternative.
Talking of codesigning, which root store does Chrome use to validate
signatures on the PPAPI plug ins it is currently forcing developers to
switch to?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
