WinQual: Why would WER not accept code-signing certificates?
Posted by Ian Boyd on Stack Overflow, published on 2009-03-04T16:54:30Z
In 2005 I tried to establish a WinQual account with Microsoft, so I could pick up our (if any) crash dump files submitted automatically through Windows Error Reporting (WER). I was not allowed to have my crash dumps, because I don't have a Verisign certificate. Instead I have a cheaper one, generated by a Verisign subsidiary: Thawte.
The method in which you join is: you digitally sign a sample exe they provide. This proves that you are the same signer that signed apps that they got crash dumps from in the wild.
Cryptographically, the private key is needed to generate a digital signature on an executable. Only the holder of that private key can create a signature for the matching public key. It doesn't matter who generated that private key. That includes certificates that are generated from:
- self-signing
- Wells Fargo
- DigiCert
- SecureTrust
- Trustware
- QuoVadis
- GoDaddy
- Entrust
- Cybertrust
- GeoTrust
- GlobalSign
- Comodo
- Thawte
- Verisign
Yet Microsoft's WinQual only accepts digital certificates generated by Verisign. Not even Verisign's subsidiaries are good enough (Thawte).
Can anyone think of any technical, legal or ethical reason why Microsoft doesn't want to accept code-signing certificates? The WinQual site says:
Why Is a Digital Certificate Required for Winqual Membership?
A digital certificate helps protect your company from individuals who seek to impersonate members of your staff or who would otherwise commit acts of fraud against your company. Using a digital certificate enables proof of an identity for a user or an organization.
Is somehow a Thawte digital certificate not secure?
Two years later, I sent a reminder notice to WinQual that I've been waiting to be able to get at my crash dumps. The response from the WinQual team was:
Hello,
Thanks for the reminder. We have notified the appropriate people that this is still a request.
In 2008 I asked this question in a Microsoft support forum, and the response was:
We are only setup to accept VeriSign Certificates at this point. We have not had an overwhelming demand to support other types of certificates.
What can it possibly mean to not be "setup" to accept other kinds of certificates?
If the thumbprint of the key that signed the WinQual.exe test app is the same as the thumbprint that signed the executable whose crash dump you got in the wild: it is proven - they are my crash dumps, give them to me.
And it's not like there's a special API to check if a Verisign digital signature is valid, as opposed to all other digital signatures. A valid signature is valid no matter who generated the key.
Microsoft is free to not trust the signer, but that's not the same as identity.
So that is my question: can anyone think of any practical reason why WinQual isn't set up to support digital signatures?
One person theorized that the answer is that they're just lazy:
Not that I know but I would assume that the team running the winQual system is a live team and not a dev team - as in, personality and skillset geared towards maintenance of existing systems. I could be wrong though.
They don't want to do work to change it. But can anyone think of anything that would need to be changed? It's the same logic no matter what generated the key: "does the thumbprint match".
What am I missing?
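The "does the thumbprint match" check the question describes, written out as an added PowerShell example (this is not code from the original post or from Microsoft's WinQual service). It assumes two signed executables on disk, a reference binary such as the WinQual.exe sample and a product binary; the file paths are placeholders. It uses only the built-in Get-AuthenticodeSignature cmdlet, and it deliberately reports the issuing CA without using it in the comparison, which is the point the poster makes: the identity test depends on the signer's certificate, not on who issued it.

```powershell
# Added example (not from the original post): compare the Authenticode signer
# of a reference binary with the signer of a product binary, i.e. the
# "does the thumbprint match" test the poster describes.
# Both paths are placeholders; point them at your own signed executables.
param(
    [string]$ReferenceExe = 'C:\path\to\WinQual.exe',   # placeholder
    [string]$ProductExe   = 'C:\path\to\MyApp.exe'      # placeholder
)

function Get-SignerInfo {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted, ... : the signer cannot be relied on
        throw "Signature on '$Path' is not valid: $($sig.Status) - $($sig.StatusMessage)"
    }
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path       = $Path
        Thumbprint = $cert.Thumbprint   # SHA-1 hash of the DER-encoded signing certificate
        Subject    = $cert.Subject      # who the certificate was issued to
        Issuer     = $cert.Issuer       # issuing CA (Thawte, VeriSign, ...); shown, but not used in the match
        NotAfter   = $cert.NotAfter
    }
}

$ref  = Get-SignerInfo -Path $ReferenceExe
$prod = Get-SignerInfo -Path $ProductExe

$ref, $prod | Format-Table Path, Thumbprint, Issuer -AutoSize

if ($ref.Thumbprint -eq $prod.Thumbprint) {
    Write-Output "MATCH: both files were signed with the same certificate ($($ref.Thumbprint))."
} else {
    Write-Output "NO MATCH: the files were signed with different certificates."
    # A renewed certificate carries a new thumbprint even for the same organisation,
    # so a production check would also compare the subject or the public key.
    if ($ref.Subject -eq $prod.Subject) {
        Write-Output "Subjects match ($($ref.Subject)); the certificate may simply have been renewed."
    }
}
```

The script refuses to compare anything whose signature status is not Valid, so a tampered or unsigned file never produces a "match". One caveat for anyone building this check for real: a thumbprint identifies one specific certificate, so after a routine certificate renewal the thumbprints no longer agree even though the publisher is the same; that is why the fallback above also compares the certificate subject.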