Good point, that might be the better solution for the public HTTPS part of things.
Let's Encrypt doesn't provide MS Authenticode signing certs (e.g. to validate our downloads are legit) though. Hopefully this whole mess doesn't scope creep to include those too.
If anything, I'd expect code signing certificates to be at more risk. Usage of these certificates is inherently much more difficult to track, as signed executables are much harder to discover than web servers. As such, even if there were a "certificate transparency" process for code signing certificates (which I don't believe there is), it'd be difficult to prove it was being operated honestly.