Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Certificate Updater

Published: 2012-06-13
Last Updated: 2012-06-13 19:40:31 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

Microsoft released an automatic updated for untrusted certificates. A bid sad that we need this, but it does appear to be necessary to have a method to continuously update a bad certificate lists. The goal of the new updater is to allow for updates to the untrusted certificate store in one day or less after a new bad certificate is known.

Key revocation lists and OCSP were designed to notify clients of revoked certificates. However, these protocols haven't shown the scalability necessary to reliably notify clients of invalid certificates.

(thx Alex for pointing this out)

[1] http://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

7 comment(s)
Diary Archives