It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
Yeah but isn't the point of these certificates to express trust?
The point isn't (or: shouldn't be) to forcefully find your way through some back alley to make it look legit. It's to certify that the software is legit.
Trust goes both ways: we ought to trust Microsoft to act as a responsible CA. Obfuscating why they revoked trust (as is apparently the case) and leaving the phone ringing is hurting trust in MS as a CA and as an organization.
who on planet earth trusts a piece of software because Microsoft signed it?
There are different types of trust, but at the very least with such a signature you can trust that the piece of software is really from Veracrypt and not from a malicious third party.
For one: Most if not all virus scanners.
A signature is a signal, not an absolute. Although, to be fair, if Microsoft (or most other CAs) had done a better job, then that trust would have carried more weight than it does currently.
Trust isn't binary, it's a spectrum. A signature is a signal that should increase trustworthiness. Not the strongest signal, perhaps even a weak one, but it's not zero.
That's what VeraCrypt is, a fork of the original TrueCrypt after all drama, security doubts, and eventual discontinuation. It took a long time and two independent audits to establish trust in it.
Probably not French though, give how hostile it appears to be to encryption/security related projects (GrapheneOS had a good arguments re: that)
The author is now based in Japan, and even owns a veracrypt.jp domain. Meanwhile, the old veracrypt.fr domain redirects to veracrypt.io.
Seems rather clear that he doesn't want French jurisdiction.
And Microsoft will be happy to shut that one down because their incompetence.
So we'd better find a real solution now.