On Thu, Sep 22, 2011 at 1:32 AM, Chris Palmer wrote:
> On Sep 21, 2011, at 10:11 PM, M.R. wrote:
>
>>> Please look into how code signing on Android works and what it means.
>
>> A quick summary would be appreciated, especially on the "meaning" part.
>
> Google: [ android code signing ]
>
> http://
On Sep 21, 2011, at 10:11 PM, M.R. wrote:
>> Please look into how code signing on Android works and what it means.
> A quick summary would be appreciated, especially on the "meaning" part.
Google: [ android code signing ]
http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
"""Andr
On 21/09/11 06:59, Chris Palmer wrote:
Please look into how code signing on Android works and what it means.
A quick summary would be appreciated, especially on the "meaning" part.
M.R.
___
cryptography mailing list
cryptography@randombit.net
http://l
On Wed, Sep 21, 2011 at 7:59 AM, Chris Palmer wrote:
> Please look into how code signing on Android works and what it means. It's
> not what you think — there are no CAs.
The code signing models in Android and Chrome (for extensions) are a
small island of sanity in a crazy world.
Please look into how code signing on Android works and what it means. It's
not what you think — there are no CAs. By making their signing key public,
if that's what they do, Cyanogen out their users at huge risk: any third
party app can take any System or SystemOrSignature permission, or
impersonat
On 20/09/11 21:48, Peter Gutmann wrote:
...to sign their code.
...I get the impression they see
security as a nuisance to be bypassed rather than a real requirement.
I'd like to assure you that code signing and the associated need
to buy a certificate service from a third party is viewed as a
"