Eddy Nigg wrote:
no CA was here admitted under these conditions for having the code
signing bit turned on.

I'm not saying that at some point in PKI history this wasn't done. It's
not done today and feel free to publicly name the CA which does that.

Last I checked there definitively were some code signing certificates basically issued under the terms of "If the credit card check comes back OK, issue it". It's a little while ago though.

But really. It's *hard* to do better than that, better than "Send us by fax your doctored ID so that we check if you pass the bar of having minimal photoshop skills".

If and when people will have a governmentally issued cryptographic ID card, it will become a lot easier, but then the code signing CA will have little room for added value.
dev-security mailing list
