Ian McMillan

icon company @microsoft icon location PM at Microsoft working on Trusted Signing

Results 7 comments of Ian McMillan

[User Story] notation inspect signatures

I have a similar perspective with regards to discoverability of the public key to provide the consuming party choice to trust. Platform providers historically provide a trust list that is...

id-kp-codeSigning EKU restriction for signing certificate.

id-kp-codeSigning OID is for "signing of downloadable executable code" per RFC5280, we extend this definition to all signable code (contiguous bits) that is executable code or directly impacts executable code...

Relax minimum subject DN field values for trustedIdentities to not include state/province (S/ST)

CN and O field values are commonly the same values, but there are many cases where a legal tradename or "dba" (doing business as) name can be placed in the...

Support for Azure Trusted Signing

@ROGG437063 sorry for the confusion on the docs regarding the SDK. We have kept the current version from our preview unlisted while we prep a new release of the SDK....

Support Azure Trusted Signing certificate on NuGet.org account settings

Supporting the Subscriber identity validation EKU as @dlemstra points out would be durable over all certificate rotations/renewals. Here is the public docs on these values: https://learn.microsoft.com/en-us/azure/trusted-signing/concept-trusted-signing-cert-management#subscriber-identity-validation-eku.

Trusted Publisher Checks for Azure Trusted Signing

This looks really good.

Azure Trusted Signing fails when using Public Trust test certificates

Looks like the Certificate Profile is the Test and not Public Trust profile. The certificate chain and root for Test is not publicly trusted. That profile type is only for...