NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Microsoft Revokes Trust in 28 of Its Own Certificates
In case people think this is a bad thing, one should remember this is *exactly* the way "it's 'spose to work".

I'm surprised we don't see more certificate revocation - if the system were really working well (including the detection of bad certificates), we should be seeing revocations on a routine basis, given the level of hacking activity aimed against them.

If we see no revocations, it would be clear that either a) there is no bad activity, or b) that no one is really taking security (of customers' systems) seriously.

I applaud Microsoft for doing this, and doing it publicly. There are lots of other parts to the security equation that Microsoft has not handled well at all in the past, but this is good news.

[ I agree it's good that MS has revoked those certs. On the other hand,
it would seem a legit question to ask why they're being revoked
*right now*. It seems as if MS didn't bother to really look through
their cert inventory until there was particularly bad P.R. resulting
from one of their certs showing up in a widely-publicized virus.
If the certs were weak, by all rights they should have been pulled
*before* such an exploit, not after. However, better late than never.
-- Lauren Weinstein
NNSquad Moderator ]
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad