Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SignCheck should be able to verify against a set of known subjects. #15101

Open
2 tasks
mmitche opened this issue Sep 23, 2024 · 0 comments
Open
2 tasks

SignCheck should be able to verify against a set of known subjects. #15101

mmitche opened this issue Sep 23, 2024 · 0 comments

Comments

@mmitche
Copy link
Member

mmitche commented Sep 23, 2024

  • This issue is blocking
  • This issue is causing unreasonable pain

.NET uses its own signing signature (chained to the typical MS Authenticode cert) that we use to sign most of our binaries. These certs have subject names that have meaning to certain tools like Defender. If these change, we want to know and contact the Defender team.

To know when we should perform such an action, I recommend that SignCheck be altered to verify the subject of all authenticode signed files against a known list. If the subject is not in that list, point to a document in Arcade.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant