By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,346 Members | 2,331 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,346 IT Pros & Developers. It's quick & easy.

"Patching secure assemblies whose digital certificate has expired" ??

P: n/a
"We use an Authenticode (digital code signing) certificate from Verisign to
digitally sign our .NET assemblies, and to ensure the assemblies in a
calling tree are authentic as each class and public method in secure
assemblies are decorated with this attribute:

[System.Security.Permissions.PublisherIdentityPermi ssion(SecurityAction.LinkDemand,

X509Certificate=CodeIdentity.PublisherX509Certific ate)]

which has the effect of ensuring that the set of secure assemblies have all
been signed with our Authenticode certificate and are therefore authentic.
The issue that we have is that once such a set of secure assemblies has been
deployed to our customers, and the Authenticode certificate used to sign
them has expired, is it possible to create a "patch" (a small subset of
updated/fixed assemblies) that will work with this old set of secure
assemblies, or must we (at a minimum) re-sign all these assemblies with a
new, valid Authenticode certificate and redeploy the whole set along with
the few that are being updated?

If it is not possible to perform such a "patch", is Microsoft considering a
way to securely support such an action? It seems that many .NET clients in
addition to our company would have a need to do this."

-jeff arnett
Dec 1 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.