
Fully trust digitally signed assemblies (redux)

Author
16 Aug 2006 9:44 PM
BilalD
Hello all

I'm bringing a topic back from the dead. It's been a while, but this
solution is just not working.
Here is the URL for the initial issue. I couldn't find the link by searching
through the managed groups search feature
http://groups.google.com/group/microsoft.public.dotnet.framework/browse_frm/thread/ddc31702f4aab866/3f711c4ab835a5c7?lnk=st&q=digital+certificate+crl+.net+framework&rnum=1&hl=en#3f711c4ab835a5c7

I'll post the contents of the first posting here. Anyone else out there
running into this problem? I really don't want to ship .NET assemblies that
are not digitally signed, considering Vista is going to make life harder for
unsigned applications because of popups galore.



I have an isolated network where I am not connected to the web. I'm using
some digitally signed assemblies in my .NET application and am running the
application from my local drive. I'm signed in as admin to the machine. With
Windows 2k, sp4 and .NET 1.1. I notice unusually long loading times when
using the digitally signed assemblies (10+ seconds) and I can see that
whenever I launch the app, some network activity is generated. There are some
queries to crl.thawte.com made and the form loads up. Normal loading time is
supposed to be about 1 second.
I have tried using the .NET config tool to give full trust to the publisher,
the assembly and so on. But it seems like the .NET framework always likes to
walk the certificate chain every time and in doing so needs to be connected to
the net. Otherwise, the timeouts just end up delaying the loading of the
assembly.

If I am running the app from a fully trusted location, why would the
framework need to keep validating the certificate and look up the CRL? I
thought this would only happen if I'm downloading the app from a URL link or
running it from a network.

How do I fully trust a publisher so that I do not get these delays? Can I
somehow force the framework to reduce its timeouts? Or to not check for CRLs
online?

Can I install something locally on the system so that it does not require
network access to load in a speedy fashion?

Is network access a prerequisite to using digitally signed assemblies?

Has anyone else run into these problems before?
