In 2005 i tried to establish a WinQual account with Microsoft, so i could pick up our (if any) crash dump files submitted automatically through Windows Error Reporting (WER). i was not allowed to have my crash dumps, because i don't have a Verisign certificate. Instead i have a cheaper one, generated by a Verisign subsidiary: Thawte.
The method in which you join is: you digitally sign a sample exe they provide. This proves that you are the same signer that signed apps that they got crash dumps from in the wild.
Cryptographically, the private key is needed to generate a digital signature on an executable. Only the holder of that private key can create a signature with for the matching public key. It doesn't matter who generated that private key. That includes certificates that are generated from:
self-signing
Wells Fargo
DigiCert
SecureTrust
Trustware
QuoVadis
GoDaddy
Entrust
Cybertrust
GeoTrust
GlobalSign
Comodo
Thawte
Verisign
Yet Microsof's WinQual only accepts digital certificates generated by Verisign. Not even Verisign's subsidiaries are good enough (Thawte).
Can anyone think of any technical, legal or ethical reason why Microsoft doesn't want to accept code-signing certificates? The WinQual site says:
Why Is a Digital Certificate Required
for Winqual Membership?
A digital certificate helps protect
your company from individuals who seek
to impersonate members of your staff
or who would otherwise commit acts of
fraud against your company. Using a
digital certificate enables proof of
an identity for a user or an
organization.
Is somehow a Thawte digital certificate not secure?
Two years later, i sent a reminder notice to WinQual that i've been waiting to be able to get at my crash dumps. The response from WinQual team was:
Hello,
Thanks for the reminder. We have
notified the appropriate people that
this is still a request.
In 2008 i asked this question in a Microsoft support forum, and the response was:
We are only setup to accept VeriSign
Certificates at this point. We have
not had an overwhelming demand to
support other types of certificates.
What can it possibly mean to not be "setup" to accept other kinds of certificates?
If the thumbprint of the key that signed the WinQual.exe test app is the same as the thumbprint that signed the executable who's crash dump you got in the wild: it is proven - they are my crash dumps, give them to me.
And it's not like there's a special API to check if a Verisign digital signature is valid, as opposed to all other digital signatures. A valid signature is valid no matter who generated the key.
Microsoft is free to not trust the signer, but that's not the same as identity.
So that is my question, can anyone think of any practical reason why WinQual isn't setup to support digital signatures?
One person theorized that the answer is that they're just lazy:
Not that I know but I would assume
that the team running the winQual
system is a live team and not a dev
team - as in, personality and skillset
geared towards maintenance of existing
systems. I could be wrong though.
They don't want to do work to change it. But can anyone think of anything that would need to be changed? It's the same logic no matter what generated the key: "does the thumbprint match".
What am i missing?