RSS

Communities

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Archives By Subject

Adobe (21) [RSS]
Adobe AIR (18) [RSS]
Amazon Rank (5) [RSS]
AOP (1) [RSS]
Apollo Camp 2007 (3) [RSS]
Apple (28) [RSS]
Astronomy (1) [RSS]
Boeing (3) [RSS]
Book Reviews (1) [RSS]
Captivate Tutorials (2) [RSS]
CF8 Image Effects (1) [RSS]
CFUNITED 2007 (9) [RSS]
Code Practices (1) [RSS]
ColdFusion (30) [RSS]
Did You Know (1) [RSS]
Disney (6) [RSS]
Eclipse (1) [RSS]
Family.com (1) [RSS]
Flash (6) [RSS]
Flex / ActionScript (39) [RSS]
Go Green (2) [RSS]
Google (8) [RSS]
IE8 (1) [RSS]
iPhone / iPod (4) [RSS]
JavaScript (6) [RSS]
Joost (5) [RSS]
Leopard (4) [RSS]
Linux (1) [RSS]
Lost (1) [RSS]
Mac Programming (2) [RSS]
Mach-II (6) [RSS]
MAX 2006 (3) [RSS]
MAX 2007 (3) [RSS]
Microsoft (5) [RSS]
Misc (28) [RSS]
OpenID (1) [RSS]
OS X (5) [RSS]
Pownce (2) [RSS]
Rants (1) [RSS]
Reactor (2) [RSS]
Reviews (2) [RSS]
RIA (4) [RSS]
SQL Server (2) [RSS]
Subversion (1) [RSS]
Technology (5) [RSS]
Tivo (1) [RSS]
Transfer (2) [RSS]
UNIX (2) [RSS]
Web 2.0 (7) [RSS]
Web Standards (5) [RSS]
XML (1) [RSS]
YUI (2) [RSS]

AIR Does NOT Require Certificate for Full API

Posted At : February 25, 2008 6:39 PM | Posted By : Kyle Hayes
Related Categories: Flash,Adobe AIR,Flex / ActionScript,Adobe

After Ted posted his AIR entry on his blog and talked about the various great things about the runtime, he also mentioned that it is important to purchase a signed certificate from companies such as Thawte in order to get the "greatly expanded APIs", I immediately pinged Ryan to confirm this since Ted was not immediately available.

Shocked, Ryan went to check and reported back that it was not the case. Since then, I noticed that the misinformation has been removed from Ted's blog.

The actual question I posed to Ryan was if he thought the $300 certificate cost from Thawte would discourage the development of open source and free applications. He didn't think so due to the ability to self-sign your own applications, however, at the cost of them being labeled as "UNVERIFIED" when the user installs them. Is there a way around this? Such as a certificate for open source applications to encourage this ever-increasingly popular movement?

Comments (5) |

Print |

Send |

del.icio.us |

Linking Blogs | 1907 Views

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

[Add Comment]

Kyle, I actually just read about this today http://tinyurl.com/2kcatu.
The certificate is evaluated at the system level so unless the user's OS recognizes the certificate (e.g. the user loads a certificate into the certificate store if it does not exist) the cert will not be recognized and will therefore be unverified. Thawte and Verisign are apparently the only two cert authorities which are readily recognized by Win OS X (see "How To Get A Certificate" para. 1)

# Posted By doug | 2/25/08 7:41 PM

@doug - Yea, and this is what my point is. The only way to get unverified is to purchase a very expensive annual subscription to a certificate. I would love to see it either be free or a very low cost alternative for open source applications.

# Posted By Kyle Hayes | 2/25/08 8:11 PM

I would say that we could but it looks like we either need to ask our user to install the certificate or we need to ask Bill and Steve to include additional verified certificate authorities in their service packs/updates. Either way I think we're looking down a $300.00 barrel ($400 for Verisign).
From my Win box:
The certificate store
There are four basic sources for the certificates found in the certificate stores on your computer:

The certificate is included with your installation of Windows XP and came on the Windows XP CD.
You use an application such as an Internet browser to engage in a SSL session, during which certificates are stored on your computer after establishment of trust.
You explicitly choose to accept a certificate, as when you install software or receive an encrypted or digitally signed e-mail from others.
You request a certificate from a certification authority, such as a certificate needed to access specific organizational resources.

It's not uncommon to ask your user to install the security certificate, I am thinking that this would be the way to go on a budget. Here is a list from the Open Directory: http://tinyurl.com/3e4opt

# Posted By doug | 2/25/08 8:54 PM

Sorry about the misinformation in my post. It has been corrected.

And yes a certificate is worth it. :)

Regards and Apologies,

Ted :)

# Posted By Ted Patrick | 2/25/08 9:16 PM

Heh, no problem. But I would like to say that I don't doubt the worthiness of the cert.

# Posted By Kyle Hayes | 2/25/08 9:30 PM

[Add Comment]