Symbian Signed launched publicly on 18th May 2004, which makes it five years old today 🙂

Although I can’t claim the credit (or blame!) for it, I have been somewhat involved with it for all that time, so I thought it might be useful to record some of the background and rationale. Symbian Signed now has an opportunity to develop in new directions, but it’s always good to be informed by the lessons of history.

Read the rest of this entry »

Ben Laurie, who certainly knows security, and is a top bloke for the work he has done on FreeBMD, posted yesterday on why signatures don’t provide assurance of trustworthiness or quality.

I have to respectfully disagree on this.  The context is the W3C widget signing specification, and the wording in that spec that is at issue is:

Widget authors and distributors can digitally sign widgets as a trust and quality assurance mechanism.

If third-party CAs issue code signing certificates to widget authors, and the device trusts the widget authors’ signatures, then I agree it won’t assure either trustworthiness or quality.  I think that’s the model Ben is criticising (as in Microsoft Authenticode) and I agree with him so far as that goes.  There is, however, an alternative model which is the one that Symbian Signed has been successfully using for the past several years: the device doesn’t trust the developer’s signature, but the developer submits their signed application to a certification programme, which enforces acceptance criteria before re-signing the application with a different signature that is trusted by the device.

You can of course argue with the specific acceptance criteria, but surely this model can theoretically provide assurance of trustworthiness or quality, and the W3C widget signing spec can be used with that sort of signing scheme.