> and applications which have been signed by Apple
Applications are not signed directly by Apple, but by developers who have received certificates from Apple. Apple signing applications would be a rather broken trust model.
Exactly. s long as Apple isn't heavy-handed with certificate revocations or denying new certs, then it's pretty much business as usual (with added security).
I made the point before, and it parallels the move by Firefox, Chrome and other browsers to heavily warn on non-registered self-signed certs. As an intranet web app maintainer, it was a right pain to deal with the situation. Eventually we setup our CA and it was all good.
It would be nice if we had more than just one signature authority supported by this option.
Applications are not signed directly by Apple, but by developers who have received certificates from Apple. Apple signing applications would be a rather broken trust model.