On Dec 10, 2008, at 6:37 PM, Perry The Cynic wrote:
You can also get more adventurous by adding criteria on Info.plist
contents or signing certificate contents to the DR, to e.g.
distinguish beta releases (CFBundleShortVersionString contains "b")
or different signing identities by subject contents or special
extensions you bake into the certs. The possibilities are, pretty
Sorry, I seem to be losing focus, here. What would I gain by doing all
I get that I can program some pretty darned creative requirements into
the certs, and these will be checked and, to some degree, enforced by
the several subsystems that check that sort of thing. But we can
generally assume that my distribution passed all these checks at the
moment I posted it; what additional assurances or information am I
providing my end users?
I guess I was looking for something amounting to a certificate that
the program they run really is the program I distributed -- hasn't
been hacked by some virus, hasn't been replaced by some malware
version, anything like that. I'm beginning to believe that this sort
of assurance was not intended by this subsystem; at any rate, it
doesn't seem like this subsystem can provide this assurance, since any
virus or malware can simply sign the hacked/replaced copy with their
own rules. Even if I go to the trouble to use distribution
certificates issued by a standard CA, and require such certificates in
my rules, the malefactor can simply omit that requirement during
(re)signing. To provide this assurance, the expectation of centrally
authorized certificates would have to be built into the system,
outside of my or malefactor's reach--Apple's problem to secure, not
mine. Right? Am I still missing something?
So we're not looking for identity assurances or malice-blockers. We
can do some clever things among cooperating participants, that might
be worthwhile. But info like "this is a beta" vs. "this is a final
release" still has to be displayed by my own code and windows. What do
I gain over simply including such a string in some bundle *.strings
I'm feeling stupid. Sorry about that. I'm probably sounding querulous;
I get that way when I feel stupid, sorry about that, too.
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden