On Jan 17, 2017, at 5:51 AM, Jane Blake <[email protected]> wrote:
> I guess my confusion is allowing network connections at all. I'm not sure 
> which network it refers to, but I'm assuming it means my own network, which 
> would include my applications and my other computers - not connections 
> outside my own network - and I've been assuming it would be okay to say 
> "allow."
> 
> Is this right?
> 

Please forgive me for getting a bit technical, but here’s an overview of what’s 
going on.

Apple developers can get what’s called a “code signing certificate” from Apple. 
This is really just a standard public key encryption pair. (I’ve written about  
these key pairs here many times before in the context of email.) Apple stores a 
copy of the public key.

When the developer wants to distribute an application, a checksum of the 
program file is computed, encrypted with the private key, and added to the 
program’s bundle. When the program is executed for the first time on a machine, 
macOS looks for the checksum. If it’s there, macOS uses the public key stored 
by Apple to decrypt it and then uses the checksum to make sure the program file 
is correct.

You’ll get the “allow connections” message when macOS can’t check for the 
public key at Apple’s server.

If a program has such an encrypted checksum with its bundle, then the default 
is for macOS to do all this stuff magically in the background. You should only 
see this message if macOS is prevented from checking, or the program is not 
signed.

There’s actually a lot more that can be done with this mechanism. The Apple 
description is here:
<https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40005929-CH1-SW1>

L^2
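
An added example, not part of the original message and not Apple's implementation: the sign-then-check flow described above, sketched in Python. The toy textbook-RSA key (no padding, built from two known Mersenne primes), the sample program bytes and the function names are all constructed for illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes (constructed for this example).
# Textbook RSA with no padding: enough to show the flow, not for real use.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the developer


def checksum(program: bytes) -> int:
    """SHA-256 digest of the program file, as an integer."""
    return int.from_bytes(hashlib.sha256(program).digest(), "big")


def sign(program: bytes) -> int:
    """Developer side: transform the checksum with the private key."""
    return pow(checksum(program), D, N)


def verify(program: bytes, signature) -> str:
    """Checking side: recover the checksum with the public key and compare."""
    if signature is None:
        return "unsigned"
    recovered = pow(signature, E, N)
    return "valid" if recovered == checksum(program) else "tampered"


# Constructed sample "program file" and the bundle shipped to users.
program = b"\xcf\xfa\xed\xfe example program bytes"
bundle = {"program": program, "signature": sign(program)}

if __name__ == "__main__":
    # Intact copy: the recovered checksum matches the file.
    print(verify(bundle["program"], bundle["signature"]))
    # One byte appended after signing: the checksums no longer match.
    print(verify(program + b"\x90", bundle["signature"]))
    # No signature in the bundle at all.
    print(verify(program, None))
    # Signature lifted from a different program.
    print(verify(program, sign(b"other program")))
```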


_______________________________________________
MacGroup mailing list
Posting address: [email protected]
Archive: <http://www.mail-archive.com/[email protected]/>
Answers to questions: <http://erdos.math.louisville.edu/macgroup/>