by oriesdan 2047 days ago
They're basically just promising they won't be bad guys, which solves nothing.

The proper way to implement their feature without causing privacy issues would be to periodically update a list of authorized certificates and check against that list locally when launching apps. That would probably also increase performance.


It should only be "opt-in" and the OS should work if the user chose not to be a subject of surveillance.
I will disable it when it comes, but I think it should be "opt-out" because otherwise the OS becomes insecure by default. And it will hurt the majority of the people. Apple can ask it on system start like Siri and analytics.
If it were a pre-downloaded list then this is not surveillance. What it is doing is ensuring that software hasn't got malware in and/or that the developer's certificate hasn't been removed (e.g. for distributing malware). That's a good thing, like running a checksum on a downloaded file.
I agree, that would be a good idea, as long as it wouldn't call home and send any reports afterwards.
How big would such a list be and how quick would a local lookup be?
Not any bigger than package repositories on Linux distributions, which include the list of all known software and sometimes even rules on how to build them.

It's just plain text. If I can have a local dump of Wikipedia, I'm pretty sure I can store a list of developer IDs. Especially when I'm a company controlling the hardware and knowing the minimum amount of space the hard drives in my computers have.

Extremely small - probably in the megabytes range I would guess.

Think about antivirus definitions - those are many, many times larger, and still they have been kept up to date over the internet for decades.

There is a very large list of binaries that can potentially be downloaded, each of which can have hundreds or thousands of versions, while the number of known virus fingerprints is relatively small.
Apple doesn't check binary hashes but the developer certificates these binaries are signed with, of which there are a lot fewer (i.e. Firefox and Thunderbird share the same certificate).
From what I understood, Gatekeeper still sends an application specific hash/ticket when an application is opened, not just a dev certificate (e.g. https://lapcatsoftware.com/articles/catalina-executables.htm...). Did that change in Big Sur?
The notarization check is on first launch of an app, but it doesn't occur on subsequent launches, unlike the certificate revocation check.
This is what Bloom filters would solve. I believe another poster said that Firefox uses them to quickly check valid certs.
Implementation-wise, there are probabilistic data structures like Bloom filters which solve this very easily, with further checks necessary for false positives.
Kilobytes to megabytes, see CRLite.
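The local, privacy-preserving revocation check the last few comments describe, as an added example that is not part of the thread and not Apple's or Mozilla's code: a cascade of Bloom filters in the style of CRLite, applied to code-signing certificate fingerprints. Level 0 holds the revoked set; because a Bloom filter has no false negatives, a miss there means "not revoked" with certainty. The valid certificates that falsely hit level 0 go into level 1, the revoked ones that hit level 1 into level 2, and so on until a level produces no false positives. Those later levels are the "further checks" mentioned above, and they stay on the machine. All fingerprints, set sizes and the 1% per-level error rate are constructed for the example.

```python
"""Added example, not from the thread: a local revocation check built from a
cascade of Bloom filters (the CRLite construction), applied to code-signing
certificate fingerprints. Every fingerprint below is a constructed placeholder,
not a real developer certificate.
"""
import hashlib
import math
from typing import Iterable, List


class BloomFilter:
    """Bit array with k hash positions per item; membership test has no false negatives."""

    def __init__(self, capacity: int, error_rate: float = 0.01):
        capacity = max(1, capacity)
        # Standard sizing for n items and target false-positive rate p:
        # m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash functions.
        self.m = max(8, math.ceil(-capacity * math.log(error_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes) -> Iterable[int]:
        # Double hashing: k bit indices derived from a single SHA-256 digest.
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return ((h1 + i * h2) % self.m for i in range(self.k))

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, item: bytes) -> bool:
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))


class RevocationCascade:
    """Exact offline answers for every fingerprint the issuer knew about at build time."""

    def __init__(self, revoked: Iterable[bytes], valid: Iterable[bytes], error_rate: float = 0.01):
        include, exclude = list(revoked), list(valid)
        self.levels: List[BloomFilter] = []
        while True:
            bf = BloomFilter(len(include), error_rate)
            for fp in include:
                bf.add(fp)
            self.levels.append(bf)
            # Items of the opposite class that this level wrongly accepts feed the next level.
            false_positives = [fp for fp in exclude if bf.might_contain(fp)]
            if not false_positives:
                break
            include, exclude = false_positives, include

    def is_revoked(self, fingerprint: bytes) -> bool:
        for depth, bf in enumerate(self.levels):
            if not bf.might_contain(fingerprint):
                # A miss at an even level means "not in the revoked-side set";
                # a miss at an odd level means "not one of the valid false positives".
                return depth % 2 == 1
        # Reached the last level, which produced no false positives, so its answer is exact.
        return (len(self.levels) - 1) % 2 == 0

    def size_bytes(self) -> int:
        return sum(len(bf.bits) for bf in self.levels)


# Constructed sample universe: 2000 developer-certificate fingerprints, 50 of them revoked.
VALID_CERTS = [hashlib.sha256(f"constructed-dev-cert-{i}".encode()).digest() for i in range(2000)]
REVOKED_CERTS = [hashlib.sha256(f"constructed-revoked-cert-{i}".encode()).digest() for i in range(50)]
CASCADE = RevocationCascade(REVOKED_CERTS, VALID_CERTS)


def check_all() -> bool:
    """True when every known fingerprint is classified correctly (no false results at all)."""
    return all(CASCADE.is_revoked(fp) for fp in REVOKED_CERTS) and not any(
        CASCADE.is_revoked(fp) for fp in VALID_CERTS
    )


if __name__ == "__main__":
    print(f"{len(CASCADE.levels)} level(s), {CASCADE.size_bytes()} bytes for "
          f"{len(REVOKED_CERTS)} revoked / {len(VALID_CERTS)} valid certs; all correct: {check_all()}")
```

The cascade is exact only for fingerprints that were in the build universe; a certificate issued after the snapshot gets no reliable answer, so a client has to treat unknown fingerprints separately (for code signing, the issuer knows every certificate it has issued and can include them all; CRLite restricts itself to certificates seen in CT logs for the same reason). The structure is also a good fit for the periodic-update idea in the thread, since a snapshot is small enough to ship whole and can be signed so the client can verify it before use.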