[Cryptography] Blockchained code signing.

Phillip Hallam-Baker phill at hallambaker.com
Sun May 7 10:35:44 EDT 2017


Someone brought up the Apple code signing infrastructure. Yes, there is an
issue there, yada, yada. And not just with Apple, it is a basic problem
with signing any platform: How do you know the distribution is to be
trusted?

Here is how: You use Certificate Transparency.

Only instead of enrolling certificates, you enroll signatures on code
releases. And you establish an update process that ensures that code
updates will only be retrieved if the signature is properly enrolled.
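
Added example, not part of the original message: a sketch of the update gate described above, using the Certificate Transparency (RFC 6962) Merkle tree hashing with release signatures as the log entries. Assumptions: the function names and the sample log are constructed for illustration, the client already holds a trusted tree head (in CT this comes from a signed tree head), and verifying the code signature itself is a separate step.

```python
import hashlib

def leaf_hash(entry):            # RFC 6962: leaves are prefixed with 0x00
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):      # interior nodes are prefixed with 0x01
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n):                    # largest power of two strictly below n
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(entries):        # log side: head over all enrolled signatures
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split(len(entries))
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def audit_path(index, entries):  # log side: sibling hashes, leaf to root
    if len(entries) == 1:
        return []
    k = split(len(entries))
    if index < k:
        return audit_path(index, entries[:k]) + [merkle_root(entries[k:])]
    return audit_path(index - k, entries[k:]) + [merkle_root(entries[:k])]

def root_from_path(entry, index, size, path):  # client side: recompute head
    if size == 1:
        return leaf_hash(entry) if not path else None
    if not path:
        return None
    k = split(size)
    if index < k:
        sub = root_from_path(entry, index, k, path[:-1])
        return sub and node_hash(sub, path[-1])
    sub = root_from_path(entry, index - k, size - k, path[:-1])
    return sub and node_hash(path[-1], sub)

def update_allowed(signature, index, size, path, trusted_root):
    # Gate for the updater: fetch the release only if its signature is enrolled.
    if not 0 <= index < size:
        return False
    return root_from_path(signature, index, size, path) == trusted_root

# Constructed sample log: five release signatures (placeholder bytes).
LOG = [b"sig-release-1.0", b"sig-release-1.1", b"sig-release-1.2",
       b"sig-release-2.0", b"sig-release-2.1"]
ROOT = merkle_root(LOG)
```

A signature that was never enrolled, or a proof presented for the wrong position, fails to reproduce the trusted head, so the updater refuses the download.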