Comments on: AIR Does NOT Require Certificate for Full API http://www.kylehayes.info/2008/02/25/air-does-not-require-certificate-for-full-api/ Rich Internet solutions utilizing Flex, ActionScript, JavaScript, Dojo, Objective-C, and the iPhone Mon, 17 May 2010 20:26:27 +0000 hourly 1 http://wordpress.org/?v=3.0 By: doug http://www.kylehayes.info/2008/02/25/air-does-not-require-certificate-for-full-api/comment-page-1/#comment-324 doug Mon, 25 Feb 2008 00:00:00 +0000 http://www.kylehayes.info/blog/index.cfm/2008/02/25/AIR-Does-NOT-Require-Certificate-for-Full-API#comment-324 Kyle, I actually just read about this today http://tinyurl.com/2kcatu. The certificate is evaluated at the system level so unless the user's OS recognizes the certificate (e.g. the user loads a certificate into the certificate store if it does not exist) the cert will not be recognized and will therefore be unverified. Thawte and Verisign are apparently the only two cert authorities which are readily recognized by Win OS X (see "How To Get A Certificate" para. 1) Kyle, I actually just read about this today http://tinyurl.com/2kcatu.
The certificate is evaluated at the system level so unless the user’s OS recognizes the certificate (e.g. the user loads a certificate into the certificate store if it does not exist) the cert will not be recognized and will therefore be unverified. Thawte and Verisign are apparently the only two cert authorities which are readily recognized by Win OS X (see "How To Get A Certificate" para. 1)

]]> By: Kyle Hayes http://www.kylehayes.info/2008/02/25/air-does-not-require-certificate-for-full-api/comment-page-1/#comment-325 Kyle Hayes Mon, 25 Feb 2008 00:00:00 +0000 http://www.kylehayes.info/blog/index.cfm/2008/02/25/AIR-Does-NOT-Require-Certificate-for-Full-API#comment-325 @doug - Yea, and this is what my point is. The only way to get unverified is to purchase a very expensive annual subscription to a certificate. I would love to see it either be free or a very low cost alternative for open source applications. @doug – Yea, and this is what my point is. The only way to get unverified is to purchase a very expensive annual subscription to a certificate. I would love to see it either be free or a very low cost alternative for open source applications.

]]> By: doug http://www.kylehayes.info/2008/02/25/air-does-not-require-certificate-for-full-api/comment-page-1/#comment-326 doug Mon, 25 Feb 2008 00:00:00 +0000 http://www.kylehayes.info/blog/index.cfm/2008/02/25/AIR-Does-NOT-Require-Certificate-for-Full-API#comment-326 I would say that we could but it looks like we either need to ask our user to install the certificate or we need to ask Bill and Steve to include additional verified certificate authorities in their service packs/updates. Either way I think we're looking down a $300.00 barrel ($400 for Verisign). From my Win box: The certificate store There are four basic sources for the certificates found in the certificate stores on your computer: The certificate is included with your installation of Windows XP and came on the Windows XP CD. You use an application such as an Internet browser to engage in a SSL session, during which certificates are stored on your computer after establishment of trust. You explicitly choose to accept a certificate, as when you install software or receive an encrypted or digitally signed e-mail from others. You request a certificate from a certification authority, such as a certificate needed to access specific organizational resources. It's not uncommon to ask your user to install the security certificate, I am thinking that this would be the way to go on a budget. Here is a list from the Open Directory: http://tinyurl.com/3e4opt I would say that we could but it looks like we either need to ask our user to install the certificate or we need to ask Bill and Steve to include additional verified certificate authorities in their service packs/updates. Either way I think we’re looking down a $300.00 barrel ($400 for Verisign).
From my Win box:
The certificate store
There are four basic sources for the certificates found in the certificate stores on your computer:

The certificate is included with your installation of Windows XP and came on the Windows XP CD.
You use an application such as an Internet browser to engage in a SSL session, during which certificates are stored on your computer after establishment of trust.
You explicitly choose to accept a certificate, as when you install software or receive an encrypted or digitally signed e-mail from others.
You request a certificate from a certification authority, such as a certificate needed to access specific organizational resources.

It’s not uncommon to ask your user to install the security certificate, I am thinking that this would be the way to go on a budget. Here is a list from the Open Directory: http://tinyurl.com/3e4opt

]]> By: Ted Patrick http://www.kylehayes.info/2008/02/25/air-does-not-require-certificate-for-full-api/comment-page-1/#comment-327 Ted Patrick Mon, 25 Feb 2008 00:00:00 +0000 http://www.kylehayes.info/blog/index.cfm/2008/02/25/AIR-Does-NOT-Require-Certificate-for-Full-API#comment-327 Sorry about the misinformation in my post. It has been corrected. And yes a certificate is worth it. :) Regards and Apologies, Ted :) Sorry about the misinformation in my post. It has been corrected.

And yes a certificate is worth it. :)

Regards and Apologies,

Ted :)

]]> By: Kyle Hayes http://www.kylehayes.info/2008/02/25/air-does-not-require-certificate-for-full-api/comment-page-1/#comment-328 Kyle Hayes Mon, 25 Feb 2008 00:00:00 +0000 http://www.kylehayes.info/blog/index.cfm/2008/02/25/AIR-Does-NOT-Require-Certificate-for-Full-API#comment-328 Heh, no problem. But I would like to say that I don't doubt the worthiness of the cert. Heh, no problem. But I would like to say that I don’t doubt the worthiness of the cert.

]]>