Hacker News

pimterry yesterday at 5:17 PM | 3 replies

EV no longer skips smartscreen either nowadays. I understand that was abused, so it's treated as the same as OV. Having a certificate allows the cert itself to accumulate trust (rather than each binary independently doing so) and provides better UX and I suspect an initial small boost to trust signal, but doesn't bypass the initial distrust. There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.


Replies

burnte yesterday at 6:39 PM

> EV no longer skips smartscreen either nowadays. I understand that was abused

EV was always going to be abused. It started out promising to be a human verified, $10k cert that meant you were GUARANTEED to be who it said you were. Now I can get one for a couple hundred bucks.

The solution is to separate identity from encryption. They never should have been linked.

gruez yesterday at 5:27 PM

> There's no way to avoid that AFAICT and even if you're an established business you hit it at intervals because all these certificates expire and so the whole process resets every few years anyway. What a mess.

Maybe have overlapping sets of certificates and dual sign your binaries? That way there's always an "aged" certificate available.

asveikau yesterday at 7:03 PM

> EV no longer skips smartscreen either nowadays.

Not sure of the exact number, but the "nowadays" here is more than a decade.