|
Posted by Nicole Calinoiu on November 30, 2005, 9:17 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Does anyone have some best practices for how to deploy patches
> (selected subsets of assemblies) that will work with other previously
> deployed .NET assemblies that are all digitally signed with an
> Authenticode (digital code signing) certificate and enforce link
> demands? We're using LinkDemand to ensure that callers have been
> signed with the same digital certificate as the assemblies being called
> (to ensure their authenticity),
In v. 2.0 of the .NET Framework, fully trusted code automatically passes any
identity permission demand, so you may want to reconsider this approach.
(In v. 1.x, it was fairly trivial for highly privileged code to bypass such
checks, so it's also of limited use there, although a developer would at
least be aware of the "transgression".)
> but once a certificate expires, it
> appears that a "patch" of any of these assemblies is not possible --
> all assemblies have to be resigned with a valid certificate and
> redeployed.
Have you considered applying a timestamp when signing the assemblies? This
is done by specifying the timestamp server URL via the -t option of either
signcode.exe or signtool.exe. If you're not sure which timestamping service
to use, check with your CA. If they have their own, it probably makes sense
to use it. Otherwise, the Verisign service at
http://timestamp.verisign.com/scripts/timstamp.dll.
> Is our understanding correct about this, and are there
> suggestions/best practices for dealing with this situation?
Timestamping is pretty much the only alternative to resigning if you're
using authenticode signatures.
| 
XML site map