> -----Original Message-----
> From: Dave Barton [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 16, 2007 5:40 PM
>
> From personal first hand experience, I can say that your
> first statement is only partially true. In that Microsoft
> recognises more than 20 CAs for different Windows security
> functions, but not all of them for code signing to comply
> with the MRCP (Microsoft Root Certificate Program), which is
> the issue in question here. For a list of recognised CAs see:
> http://msdn2.microsoft.com/en-us/library/ms995347.aspx

27 CAs can issue certificates for Code Signing.

> In that code signing for Windows has nothing to do with
> Microsoft, your statement is totally incorrect. For software
> not to trigger the warning referred to by the OP, it must be
> certified by Microsoft under the MRCP.

I do not think so - we do not need to become root. We just need to obtain a certificate for the name "OpenOffice.org project" (or whatever) and we can start signing with that certificate.

http://msdn2.microsoft.com/en-us/library/ms537361.aspx

"To obtain a certificate from a CA, a software publisher must meet the criteria for either a commercial or an individual publishing certificate and submit these credentials to either a CA or a local registration authority (LRA). The criteria discussed below have been proposed by Microsoft. Note that standards bodies, such as the World Wide Web Consortium (W3C), are reviewing these criteria and they are subject to change. A description of the overall process of obtaining a certificate for code signing ends this section of the document."

We can do this in the same way the Firefox installer is signed by VeriSign (with the publisher being "Mozilla Corporation"). And we can roll out new releases every day without involving external entities.

Regards,
Kirill Palagin.
