×

Discussion Board

Results 1 to 3 of 3
  1. #1
    Registered User
    Join Date
    Nov 2005
    Posts
    2

    code signing, a free and secure approach

    As some of you may have already noticed the CAcert root certificate recently got included with the Nokia 770. I take this as a sign that Nokia might accept the CAcert root certificate also for mobile phones in the near future. This could provide developers with access to free code signing certificates.
    CAcert is based on a Web-Of-Trust. This means that after a person gains the highest trust level CAcert will issue code signing certificates to that person. All certificates are free of charge.
    The Web-Of-Trust process of Assurances where other WOT members verify ones Identity is free of charge in most cases. A person might charge for that, but most don't. Of course buying someone a beer is an good argument for an short assurance meeting.
    AFAICT the WOT is spreading at a high pace throughout the world. Very active countries are Germany, The Netherlands, Australia, USA, ...

    Just thought you might be interested. As for now code signing certificates seem to be quite an expensive thing.

    cheers

    Thomas

  2. #2
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105
    Have you checked it is for Java and/or Symbian OS? I bet it is authorized for internet SSL only.

  3. #3
    Registered User
    Join Date
    Nov 2005
    Posts
    2

    Re: code signing, a free and secure approach

    As for now the only thing I certainly know is that the root certificate got included into the Linux structure of the Nokia 770. I saw it on Linux World Expo in Frankfurt am Main last week.

    I hope Nokia will include the root cert in the near future also into mobile Phones. As far as I know CAcert is already being internally reviewed by Nokia. Hopefully they'll accept CAcert for all purposes.

    Security measures taken by CAcert are quite high, especially in regard to code signing certificates. You have to reach at least 100 points in the Web-of-Trust. This usually means ID verification by at least 3 or more WOT Members. For simple email or server certificates there's only a need for 50 points (~ 2 ID verifications).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×