On 02/06/2010 10:58 PM, Jean-Marc Desperrier:
> On 06/02/2010 19:47, Eddy Nigg wrote:
>> But I guess you would think twice to sign (malicious) code with your
>> name - any code for that matter.
>
> How hard is it to sign it with a cert you bought with a stolen credit
> card number, using the name from the card ?
> A 50$ code signing certificate just brings you 50$ worth of security ...

Scrap it.....no CA was here admitted under these conditions for having
the code signing bit turned on.
I'm not saying that at some point in PKI history this wasn't done. It's
not done today and feel free to publicly name the CA which does that.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg