Secure Coding mailing list archives
RE: Code Signing Processes
From: "Tegels, Kent" <Kent.Tegels () hdrinc com>
Date: Mon, 02 Feb 2004 17:06:34 +0000
Not so much questions, more that I'm interested in hearing what others see as best practices. Looking for discussion rather than answers.

Stuff I am interested in:
* Best practices for key management
* What to sign, what not to sign

Stuff I'm less interested in, considering the nature of HDR.
* Algorithms (we're stuck with Authenticode)
* Tools (MS provides most of what's needed out of the box)
* Toolkits and APIs (while I like writing small tools to make my life easier, MS has already done most of this for us.)
* OS Services
* Infrastructure

It's not that I'm not interested in those facets at some level, but as I wrote, I'm more interested in learning about the practices, protocols and policies that others who use code signing are using.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jared W. Robinson
Sent: Friday, January 30, 2004 3:43 PM
To: Tegels, Kent
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] Code Signing Processes

On Thu, Jan 29, 2004 at 09:47:15AM -0600, Tegels, Kent wrote:
I'm interested in learning more from this community about others' practices, protocols, policies, thoughts and opinions about the Code Signing Processes.
What are your questions about code signing? Here are some possible subjects:

- Algorithms
- Tools (Commercial, Free and OSS) & their ease of use.
- Toolkits and how good the APIs are.
- Key management: protection, escrow, revocation, etc.
- What to sign.
- Operating System services that tie into code signing.
- Infrastructure.

The more specific your questions, the more likely you are to get a response, I would think.

- Jared