Security Now (Audio) SN 1060: 3-Day Certificates - The Rise of AI Programming
42 snips
Jan 14, 2026 Discover why code signing certificates are skyrocketing in cost and complexity. Unpack Microsoft's new three-day certificates and the challenges they pose for developers. Explore California's innovative DROP data broker opt-out system and its implications for privacy. Hear about humorous AI-generated towns and a hands-on demo of Claude Code. Plus, get insights into AI-assisted coding for non-coders and listener experiences navigating the evolving landscape of code signing!
AI Snips
Chapters
Books
Transcript
Episode notes
Code Signing Rules Became Burdensome
- Code signing rules now force non-exportable keys and HSM or cloud-hosted signing, increasing complexity and cost for developers.
- Rick Strahl and Steve Gibson see this as gatekeeping that burdens small developers and raises yearly costs dramatically.
Evaluate Azure Trusted Signing Costs
- Consider Microsoft's Azure Trusted Signing for cheaper, cloud-based code signing despite setup pain and preview status.
- Weigh signature quotas and monthly pricing (basic vs premium) before choosing cloud signing plans.
Three-Day Certificates Purpose
- Microsoft issues very short-lived code signing certificates (about three days) to thwart abuse if keys are compromised.
- Short lifetimes reduce window of misuse while relying on timestamping to preserve signature validity.
