It's great that technologies, like Adobe AIR, encourage software publishers to take responsibility for their software. It's too bad that the only way to do that is to pay protection money to overpriced certificate vendors.
I recently released my Air Server and Website Monitoring Tool for free. It's a nice widget to help me monitor all the various websites that I own, and it was a nice reason to learn how to use Adobe AIR.
One of the decisions that you have to make before publishing an AIR application is how to sign the application. I just read this article about Digitally signing Adobe AIR applications.
The article gives a good justification for why software tool vendors are adding code signing capabilities to their tools:
- Code signing takes care of these scenarios by building customer confidence that what they're installing was created by the named publisher, and that the code hasn't been changed since that publisher signed it.
The choices for signing your application are:
- Free: use a self-created certificate that flashes a big "UNKNOWN" publisher warning when users try to install the app (like the one on the right).
- Expensive: use a commercial code signing certificate. These cost $300 or more, per year, per technology!
Using the commercial code signing certificate from companies like Thawte has all kinds of benefits, like annual fees, red tape, and not frightening your users who got up enough courage to even try downloading and installing your application. Thawte proclaims, "In a world of risk, know who to trust."
Here is some pricing, as of August 2008:
| Pricing | 1 yr | 2 yr | 1 year renew | 2 year renew |
| --- | --- | --- | --- | --- |
| Thawte | $299 | $549 | $249 | $499 |
| Verisign | $499 | $894 | | |

Am I the only one who thinks that is outrageously expensive? The article on code signing mentions in more than one place that Verisign and Thawte are (maybe) the only choices if you want users not to see warning dialogs, because, as the article on code signing AIR applications points out:
- However, only [VeriSign] and Thawte come pre-installed on most end user's machines (Mac OS X or Windows) and are trusted by the operating systems.... Using certificate authorities other than Thawte or Verisign is going to require that the end user (not the developer of the software), or a system admin charged with managing a computer on an enterprise network, manually install a root certificate for that certificate authority.
More of my rant here: The High Cost of Digital Code Signing Certificates To Give Away Free Applications...