Tags

AIR Does NOT Require Certificate for Full API

by Kyle Hayes on February 25th, 2008

After Ted posted his AIR entry on his blog and talked about the various great things about the runtime, he also mentioned that it is important to purchase a signed certificate from companies such as Thawte in order to get the “greatly expanded APIs”, I immediately pinged Ryan to confirm this since Ted was not immediately available.

Shocked, Ryan went to check and reported back that it was not the case. Since then, I noticed that the misinformation has been removed from Ted’s blog.

The actual question I posed to Ryan was if he thought the $300 certificate cost from Thawte would discourage the development of open source and free applications. He didn’t think so due to the ability to self-sign your own applications, however, at the cost of them being labeled as “UNVERIFIED” when the user installs them. Is there a way around this? Such as a certificate for open source applications to encourage this ever-increasingly popular movement?

Popular Posts

5 Comments →

doug permalink

Kyle, I actually just read about this today http://tinyurl.com/2kcatu.
The certificate is evaluated at the system level so unless the user’s OS recognizes the certificate (e.g. the user loads a certificate into the certificate store if it does not exist) the cert will not be recognized and will therefore be unverified. Thawte and Verisign are apparently the only two cert authorities which are readily recognized by Win OS X (see "How To Get A Certificate" para. 1)
Kyle Hayes permalink

@doug – Yea, and this is what my point is. The only way to get unverified is to purchase a very expensive annual subscription to a certificate. I would love to see it either be free or a very low cost alternative for open source applications.
doug permalink

I would say that we could but it looks like we either need to ask our user to install the certificate or we need to ask Bill and Steve to include additional verified certificate authorities in their service packs/updates. Either way I think we’re looking down a $300.00 barrel ($400 for Verisign).
From my Win box:
The certificate store
There are four basic sources for the certificates found in the certificate stores on your computer:

The certificate is included with your installation of Windows XP and came on the Windows XP CD.
You use an application such as an Internet browser to engage in a SSL session, during which certificates are stored on your computer after establishment of trust.
You explicitly choose to accept a certificate, as when you install software or receive an encrypted or digitally signed e-mail from others.
You request a certificate from a certification authority, such as a certificate needed to access specific organizational resources.

It’s not uncommon to ask your user to install the security certificate, I am thinking that this would be the way to go on a budget. Here is a list from the Open Directory: http://tinyurl.com/3e4opt
Ted Patrick permalink

Sorry about the misinformation in my post. It has been corrected.

And yes a certificate is worth it.

Regards and Apologies,

Ted
Kyle Hayes permalink

Heh, no problem. But I would like to say that I don’t doubt the worthiness of the cert.

Leave a Reply

About

Kyle Hayes is a web developer for the Disney Interactive Media Group in North Hollywood, CA. He graduated from the California State Polytechnic University, Pomona in 2006 and has over twelve years of experience as a programmer. He is quite enthusiastic about innovation, design patterns and semantic-based development. In addition, Kyle, is versed in many different programming languages such as: ActionScript, AppleScript, C++, Objective-C, ColdFusion, C#, Java, JavaScript, (X)HTML, PHP, Python, and Visual Basic. His passion for technology since he was very young has pushed him to excel in everything that he does.

Copyright © 2010 Kyle Hayes. Titan Theme by Jestro.