Comment by notepad0x90
Comment by notepad0x90 a day ago
Cheaper code-signing certs would be great. I don't like how the CA/B is so focused on TLS only. PKI is a slightly wider landscape. I sincerely hope PKI-centric code and package signing makes its way to the Linux world where most influential people in these discussions live, so they can appreciate the importance of having a "letsencrypt" for other types of PKI usage like S/MIME and Authenticode.
There is literally a code-signing working group in the CA/BF. However, the browsers don't really participate in it, since it's irrelevant to browsers. This is the entire point of moving to dedicated hierarchies per use-case---each PKI (web, code signing, etc) can evolve independently.