undefined | Better HN

0 pointszaarn8y ago0 comments

As you might have guessed, when you don't want someone to use a binary beyond a certain date.

Security Solutions could benefit from this, the customer will have to update or disable the signature check if their version of the solution becomes too old. Old versions could open them up to vulnerabilities.

Another might be when you distribute beta or testing versions of your software. The customers can safely test the version and the lack of timestamp prevents them from running it in production permanently. They have to update to the release version.

It could also be useful when you sell a software to a business and want them to test it first. So you send them the program without a timestamp signature and limit the validity of the certificate. That way they can't just run the test version forever.

Really anywhere where all parties involved, user and producer, do not want to run a binary forever but the producer might not fully trust the user to do that.

0 comments

gmueckl8y ago

The customer can always re-sign the binary if they wante to and replace the existing signature. A time limited inside the program code would be more secure.

j / k navigate · click thread line to collapse

0 pointszaarn8y ago0 comments

As you might have guessed, when you don't want someone to use a binary beyond a certain date.

Really anywhere where all parties involved, user and producer, do not want to run a binary forever but the producer might not fully trust the user to do that.