Kirill S. Palagin wrote:
-----Original Message-----
From: Dave Barton [mailto:[EMAIL PROTECTED]
Sent: Monday, April 16, 2007 5:40 PM
From personal first hand experience, I can say that your
first statement is only partially true. In that Microsoft
recognises more than 20 CAs for different Windows security
functions, but not all of them for code signing to comply
with the MRCP (Microsoft Root Certificate Program), which is
the issue in question here. For a list of recognised CAs see:
http://msdn2.microsoft.com/en-us/library/ms995347.aspx
27 CAs can issue certificates for Code Signing.
In that code signing for Windows has nothing to do with
Microsoft, your statement is totally incorrect. For software
not to trigger the warning referred to by the OP, it must be
certified by Microsoft under the MRCP.
I do not think so - we do not need to become root. We just need to
obtain certificate
for the name "OpenOffice.org project" (or whatever) and we can start
signing with that certificate.
http://msdn2.microsoft.com/en-us/library/ms537361.aspx
"To obtain a certificate from a CA, a software publisher must meet the
criteria for either a commercial or an individual publishing certificate
and submit these credentials to either a CA or a local registration
authority (LRA). The criteria discussed below have been proposed by
Microsoft. Note that standards bodies, such as the World Wide Web
Consortium (W3C), are reviewing these criteria and they are subject to
change. A description of the overall process of obtaining a certificate
for code signing ends this section of the document."
We can do this in the same way Firefox installer is signed by VeriSign
(with
publisher being "Mozilla Corporation")).
And we can roll out new releases every day without involving external
entities.
Perhaps www.thawte.com might be a good CA candidate. Though currently
owned by Verisign, it was founded by Mark Shuttleworth of Ubuntu fame.
They might be a bit more receptive to open source software than MS.
They also provide free personal email certificates.
--
Use OpenOffice.org <http://www.openoffice.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
