
The irony of arguing that the rapid rate of certificate revocations is proof of the system being necessary and secure. No, it's proof that the system is useless. Code signing is a dead end, and we have known that since Stuxnet at the latest.


With the system checking for certificate validity, Stuxnet would have stopped shortly after its certificate was revoked.

Regardless, the Stuxnet example is way off the mark. It was designed to work in an air-gapped network and defeat a particular set of obstacles.



