Saturday, January 02, 2010

No Internet Slow Loading Revisited - Signed Executables

After many hours of research, I went ahead and updated the Weather Message installers so that they automatically disable the revoked certificate check in the Microsoft .NET Framework.  What seemed so simple turned into a full day's worth of work.  The 32-bit and 64-bit directories have to be updated as appropriate.

Here is what Microsoft has to say about the change.

"The common language runtime (CLR) tries to verify the Authenticode signature at load time to create Publisher evidence for the assembly. However, by default, most applications do not need Publisher evidence. Standard CAS policy does not rely on the PublisherMembershipCondition. You should avoid the unnecessary startup cost associated with verifying the publisher signature unless your application executes on a computer with custom CAS policy, or is intending to satisfy demands for PublisherIdentityPermission in a partial-trust environment. (Demands for identity permissions always succeed in a full-trust environment.)"

For services they go one step further with this note.

"We recommend that services use the element to improve startup performance. Using this element can also help avoid delays that can cause a time-out and the cancellation of the service startup."

After reading this information published by Microsoft, you would think they would disable this by default.  See this KB article for more information: KB936707.
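
The setting Microsoft's notes describe is the `generatePublisherEvidence` element of the .NET Framework runtime configuration schema. As an added example (not taken from the Weather Message installers; the file name `MyService.exe.config` is hypothetical), a per-application configuration file that turns publisher evidence off for one executable only looks like this:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Hypothetical file: MyService.exe.config, placed next to MyService.exe. -->
<!-- Scope: this one executable only, not every .NET application on the machine. -->
<configuration>
  <runtime>
    <!-- Stops the CLR from verifying the Authenticode signature at load time
         in order to build Publisher evidence, which is the step that can stall
         on a machine without Internet access. -->
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>
```

As the Microsoft text above states, leave the element out on machines that use custom CAS policy or that must satisfy demands for PublisherIdentityPermission in a partial-trust environment, because both depend on Publisher evidence.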
