Hacker News new | past | comments | ask | show | jobs | submit login

As pointed out in other Gatekeeper threads, it would be nice if users could choose which signing authorities to trust. Signing is a good security model, but a single authority sounds risky to me. Perhaps I feel that Signing Authority Foo has a better definition of malware (read: which certificates to reject) than Apple has.



It could be useful to be able to remove the Apple root from trust as well, only running locally signed applications.

(Could be useful for public environments, schools, libraries, enterprise etc.)


I wouldn't be all that surprised if this were already possible through Keychain Access.


I wonder what the revocation API is like.


I'm sure you will be able to add certs in Keychain Access, just like you can now.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: