Hey, thanks a lot for putting so much effort into your research and answer. It helps us to understand what the potential concerns and questions are.
Let me go into the most important points you raised, as most of them are based on misreading or misunderstanding. I want to clarify these but also give you some explanation.
>>First thing I did was check the price per year of common EV code-signing certificates suitable for Microsoft’s enhanced kernel signing requirements.
>>Both Comodo and GlobalSign are around $300/yr when buying in advance, and are suitable for kernel driver signing. :)
True, if you go for 3 years, then your certificate expires — ask Notepad++ how they liked it. https://www.bleepingcomputer.com/news/software/notepad-no-longer-code-signed-dev-wont-support-overpriced-cert-industry/
You can use CodeNotary on a monthly basis — that’s the information you missed, and your assets don’t expire. You just can’t change the status anymore without subscription. Try that with Comodo and co.
>>Your price per year for one person? $348.
Not true — you are on a monthly plan using CodeNotary, so you can decide yourself how much you want to spend.
That applies actually to most of the points you raised, so I consider them answered as well.
>>Please don’t be disingenuous about your pricing. You’re an extremely slight value-add over GnuPG, but closed source and nothing compared to the gold standard in your price range.
If you’re fine with the value you gain using GnuPG — I won’t even argue. But we’re in discussions with so many software companies that are not. It starts with the cumbersome integration and ends with the focus on certificates instead of assets. We do exactly that, focusing on the single asset.
>>Your arguments against GnuPG can equally be applied to your own software. Who’s going to download it to verify something? Nobody.
Did you ever try to verify GnuPG signed assets in the browser? That’s what we do with the Chrome extension. We’ll see how many Nobodies are going to use CodeNotary one year from now. ;-) I bet the same argument was made against Let’s Encrypt when they started.
>>You also limit people and projects on the number of things signed per month.
True, we’re open to any better idea, but we thought well about the easiest and best way for customers.
Do you sign more than 20 assets a month? Do you give away your software for free? If yes, you actually don’t need to pay at all for our service.
>>You don’t even seem to be able to base your security theater off of hardware security tokens.
That’s actually not so far from here. We’re already working on that, and it’s not such a big effort to implement. As mentioned, our main focus was on securing the backend, setting up bullet-proof smart contracts and making sure the main functionality is there when we release version 1. Here we are, and we improve our software every single minute.
>>I’m sorry that I have to be critical, but this product doesn’t seem well thought out or priced sanely for what it is.
Nothing to be sorry about. For us, feedback is valuable and welcome. When there are questions not answered, we need to cover them in our FAQ in the future.
>>You just seem to think that invoking BlockChain somehow makes what you’re doing here secure and inherently better.
That one is actually cheap given the effort you put in the other research. We don’t use blockchain because it’s cool. The founders of CodeNotary have decades of experience in data-center tech, software development and so on. So we didn’t look for problems to be solved by blockchain; we searched for a technology that would serve our needs. Replacing today's certificates (and authorities) is one of the best use cases for a blockchain.
>>Have you published algorithms? Had your implementation of things vetted by independent auditors? Without that, and a lot more, who could possibly trust this?
>>You don’t have much (any, really) public information available about anything, not even an email address.
Check our Github and feel free — all open source. https://github.com/vchain-us/vcn
Contact us, chat, address: all on the website. We’ll check where we should put it additionally. Btw. you just reached me … :)
>>Even your main image for the dashboard is from here https://99designs.com/web-design/contests/dashboard-codenotary-io-vchain-895597
True, we focused on the product backend first. We had a winner in the contest and present it on our website as the prototype we’re going to implement until end of April (that’s written all over). If you register, you will see our current dashboard and that it’s being improved every single day — so it would be hard to replace the screenshots continuously.
>>So I’m sure you’ll tell me it’s not shady, but…come on. This is ridiculous.
Unfortunately, you went halfway through the information and always missed important information. But of course, we would never blame our users for misunderstanding — it’s our job to explain better. As mentioned, all of your concerns will make it into our FAQ.