| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by fuzzy2 2971 days ago
	Interesting, I wasn’t aware of that. However, isn’t getting an EV certificate impossible for a natural person? You’d have to be some sort of legally recognized organization. Not exactly suitable for small-scale Open Source development.

1 comments

gruez 2971 days ago

>However, isn’t getting an EV certificate impossible for a natural person? You’d have to be some sort of legally recognized organization

no? random example:

https://sourceforge.net/projects/keepass/files/KeePass%202.x...

signer is: "Open Source Developer, Dominik Reichl"

edit: another example

https://yarnpkg.com/latest.msi

signer is: "Daniel Lo Nigro"

link

fuzzy2 2970 days ago

KeePass: This isn’t an EV certificate (has only OID 2.23.140.1.4). Certum also clearly states, topmost on the description of how to get an EV Code Signing certificate:

> We do not issue EV Code Signing certificates to natural persons!

Yarn: Not an EV certificate either: "Organizationally validated certificates used to sign standard objects." (2.16.840.1.114412.3.1 in addition to 2.23.140.1.4.1).

link