Windows driver signing certificate purchase decision for WinPcap and Npcap

[Yang Luo <hsluoyb () gmail com>]

Hi list,

There's only 8 days left for Win10 RTM. It seems that both WinPcap and
Npcap need to decide which kind of Windows driver signing certificate to
buy. There are two kinds of certs: EV cert and non-EV cert.

AFAIK, I think we don't need to buy an EV cert yet, as EV cert is
complicated to use (has to use a hardware key) and much more expensive. You
should have found out that current Npcap driver CAN be successfully
installed into Windows 10 Insider Preview 10240 x64 ( which is a candidate
for Win10 RTM) WITHOUT disabling "Driver Signature Enforcement". The reason
turns out to be: "To ensure backwards compatibility, drivers which are
properly signed by a valid cross-signing certificate that was issued before
the release of Windows 10 will continue to pass signing checks on Windows
10." (see for details:
http://blogs.msdn.com/b/windows_hardware_certification/archive/2015/04/01/driver-signing-changes-in-windows-10.aspx).
My English is not that good, but I think this sentence means that if you
buy a non-EV cert before Win10 release (AKA 2015/7/29), you can use the
cert to sign a driver to any platform including Win10 until it expires. So
you can just buy a 3-year long cert before 7/29 and use it to sign any
drivers for these 3 years. 3 years later, we have no other choice but to
buy an EV cert, but who knows whether Microsoft would change its driver
signing policy again then?

Am I understanding it right?



Cheers,
Yang

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe