undefined | Better HN

0 pointsSomeone12347y ago0 comments

The Reputation requirement exists simply because there's CAs in the Windows certificate store that aren't super trustworthy, and frankly that malware could seek to get a code signing certificate.

Arguably the Reputation requirement is more helpful than the information held in the certificate, since Reputation is hard to fake whereas that information is provided by the requestor and its validation depends on the CA's processes (which as I said varies wildly).

It is one of those "greater good" things. It does suck for FOSS however.

0 comments

Sephr7y ago

I'm not arguing against reputation requirements, I'm arguing for consistency.

EV certificates are literally a reputation requirement backdoor.

If EV-signed apps had to deal with the same SmartScreen reputation requirements as non-EV-signed apps, Microsoft might actually have to address this issue brought up in the parent comment:

> Every time you have to get a new one, with same story of "reputation" again.

j / k navigate · click thread line to collapse