Daniel Eran Dilger in San Francisco

iPhone 2.0 SDK: Readers Write on Certificate Signing

200803210136

Responding to the articles “iPhone 2.0 SDK: Java on the iPhone?” and “iPhone 2.0 SDK: How Signing Certificates Work,” readers wrote in with additional notes on signed iPhone app revocation by Apple and a comparison of the issues faced by Sun’s Java ME developers in the area of signing code.


Revocation and the Lovely Walled Garden.
Hoty Kesterson II writes: “Good article on code signing. I’ve posited on several posts that I don’t expect Apple to test 3rd party code before installation. I suspect such validation would be a bit cost prohibitive. Instead they will be able to detect what app screwed up and either 1) push a corrected version to anyone who purchased the app or 2) revoke the certificate if they detect purposeful malware or a trend of incompetency.

“I’ve wondered just how they will handle revocation (I’m one of the designers of the X.509 certificate and I chaired the international committee that created it for many years). One possibility is a CRL store in the phone. This allows immediate certificate validity checks and if not very many certificates have to be revoked, the CRL’s size wouldn’t be too significant. The CRL could be pushed (either by sync or over the air) to the iPhone (maybe the subset of phones that have an installed app that would be affected by the new revocation) whenever there’s a new revocation.

“Another possibility is as you mentioned; the iPhone would check whenever an application is launched. The check could be via OCSP or equivalent. I don’t like this approach because it would be triggered every time one launched an app. I suspect this approach 1) would slow launch, 2) requires one to be in reach of a signal, 3) is another drain on the battery.

“I like the discipline code signing would bring. I understand and don’t object to those who want to open the software but I will never use their stuff. In the early days of OS 9 I put dozens of extensions on my Mac (loved boomerang). My system was fragile; any change typically caused crashing and a lot of work to isolate the cause. Since OS X I have run vanilla using what Apple provides and applications that behave properly. It’s remarkably stable for me, sometimes running for weeks before I reboot.

“I will treat my iPhone the same. I have yet to see an application in the wild that I need so badly that I would accept the turmoil that occurs every time Apple puts out an update. Would I like to have voice dialing? Would I like to have my notes taggable and accessible on my laptop? Sure, but I will wait for Apple or a trusted developer to provide the function. I use my phone daily as my business phone. I cannot afford to play with it and I won’t let anyone else do it.”
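The on-device CRL store described in the letter above can be sketched as follows. This is an added example, not part of the letter and not Apple's implementation: the function names, serial numbers and phone ids are constructed, and HMAC stands in for the issuer's public-key signature on a real X.509 CRL so the code runs with the standard library only. It goes slightly beyond the letter by rejecting replayed older lists through a monotonically increasing CRL number.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real CRL carries the CA's public-key signature;
# HMAC is a stdlib-only stand-in so the example runs offline.
CA_KEY = b"constructed-demo-key"

def sign_crl(crl_number, revoked_serials, key=CA_KEY):
    """Issuer side: serialize a revocation list and attach an integrity tag."""
    body = json.dumps({"n": crl_number, "revoked": sorted(revoked_serials)}).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

class CrlStore:
    """On-device store: launch checks are local, so no signal is needed."""
    def __init__(self, key=CA_KEY):
        self._key = key
        self.crl_number = 0
        self.revoked = frozenset()

    def apply_update(self, body, tag):
        """Accept a pushed CRL only if it is authentic and newer than the stored one."""
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                      # forged or corrupted update
        crl = json.loads(body)
        if crl["n"] <= self.crl_number:
            return False                      # replay of an older list
        self.crl_number = crl["n"]
        self.revoked = frozenset(crl["revoked"])
        return True

    def may_launch(self, signer_serial):
        """Launch-time check against the local list; no network round trip."""
        return signer_serial not in self.revoked

def phones_needing_push(installed, newly_revoked):
    """Targeted push: only phones holding an app signed by a revoked certificate."""
    return sorted(p for p, serials in installed.items() if serials & newly_revoked)

# Constructed sample: phone id -> serials of certificates that signed its installed apps.
INSTALLED = {"phone-a": {1001, 1002}, "phone-b": {1003}, "phone-c": {1002, 1004}}
```

The launch check touches only local state, which is the property the letter contrasts with a per-launch OCSP query.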

Java Verified: Expensive.
Elliot Long writes, “I know you’re pretty anti-Java, but I figured at least in an article discussing the difficulties of code signing you might at least mention the horrendous hurdles faced by J2ME developers.

“Unlike Blackberry, Symbian, and Windows Mobile signing – J2ME apps are not rolled out on compatible devices, so they involve many more executables. Yet the process for each executable is among the most expensive in the business. The ONLY ubiquitous certificate is that of the Java Verified initiative. And in order to get it, you cannot simply buy it from a company, you need to get your code professionally tested by one of five testing houses for around $200-400 for each executable.

“Even when shooting for a single manufacturer this can be 3 or 4 jars for different screen resolutions. Add in custom key assignments for different manufacturers, fixes for buggy implementations, versions taking advantage of various JSRs, different languages etc, and you are looking at thousands upon thousands of dollars for just a single version of your app. And that is assuming all your apps pass first time, which is almost never the case.

“But of course the story doesn’t end there. In order to get your app on deck on one of the MNOs, you often need to sign it with one of their own certificates in addition to JV. IT’S A TRAVESTY/RACKET and a big reason why even though Java has such tremendous market share it’s still a fledgling market. Just my $0.02. Great articles as usual. Keep ’em coming.”


4 comments

1 Silver_Surfer1931 { 03.21.08 at 6:39 am }

Dan,

Great insight from your readers that know what they speak of. It would be extremely helpful for those that do not have the technical background (me) to see a different perspective. As usual, your articles are a great read. Keep them coming.

2 gus2000 { 03.21.08 at 11:38 am }

How come the mainstream press ends up quoting the guy who made up his own consulting business after installing Windows a few times, but the amateur blogger gets the chair of the international committee relevant to the subject at hand? Hmmm? Is journalism really that hard?

Daniel, I would expect your efforts to shame the professional journalists into competency, but apparently they have no more shame to give.

3 lmasanti { 03.21.08 at 2:54 pm }

@Hoty Kesterson II…
Having “on board” (a.k.a. on the forum) such a knowledge as yours, could you explain what method would be “possible”, I suppose something in between both extremes you cited?
