Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SignCheck should be able to verify against a set of known subjects. #15101

Open
2 tasks
mmitche opened this issue Sep 23, 2024 · 1 comment
Open
2 tasks

SignCheck should be able to verify against a set of known subjects. #15101

mmitche opened this issue Sep 23, 2024 · 1 comment

Comments

@mmitche
Copy link
Member

mmitche commented Sep 23, 2024

  • This issue is blocking
  • This issue is causing unreasonable pain

.NET uses its own signing signature (chained to the typical MS Authenticode cert) that we use to sign most of our binaries. These certs have subject names that have meaning to certain tools like Defender. If these change, we want to know and contact the Defender team.

To know when we should perform such an action, I recommend that SignCheck be altered to verify the subject of all authenticode signed files against a known list. If the subject is not in that list, point to a document in Arcade.
@missymessa
Copy link
Member

@mmitche are you thinking this should belong in the SignTool epic?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mmitche @missymessa