undefined | Better HN

0 pointsJohnTHaller8y ago0 comments

Code signing certificates are different from website certificates. When you use a code signing certificate - when doing it right, anyway - you also loop in a timestamp server. That way, you're signing it with your currently valid certificate and a third party is proving it was signed at a time the certificate is valid. This is so that when your code signing certificate expires in a few months, the binary you signed while the certificate was valid can still be used. Without timestamp servers, you couldn't now go back and install an older version of Firefox, for instance, because the certificate it was signed with last year is now expired.

0 comments

Angostura8y ago

What makes you think this was a code-signing certificate? The fact that the error involves the inability to reach a server suggests strongly that it was a TLS cert or somesuch

JohnTHallerOP8y ago

The parent of the comment I replied to was talking about a timestamp server. I was explaining what that meant and why it was using it. I don't know what the actual issue is with the Oculus' handling of certificates and whether it was a code signing certificate or not.

nikanj8y ago

I guess they see that as a feature. Maybe the old version of Firefox wasn't as anal with DRM as the current version is.

j / k navigate · click thread line to collapse

0 comments

Angostura8y ago

What makes you think this was a code-signing certificate? The fact that the error involves the inability to reach a server suggests strongly that it was a TLS cert or somesuch

JohnTHallerOP8y ago

nikanj8y ago

I guess they see that as a feature. Maybe the old version of Firefox wasn't as anal with DRM as the current version is.

j / k navigate · click thread line to collapse