Microsoft released an automatic updater for untrusted certificates. A bid sad that we need this, but it does appear to be necessary to have a method to continuously update a bad certificate list. The goal of the new updater is to allow for updates to the untrusted certificate store in one day or less after a new bad certificate is known.

Key revocation lists and OCSP were designed to notify clients of revoked certificates. However, these protocols haven't shown the scalability necessary to reliably notify clients of invalid certificates. (thx Alex for pointing this out)

[1] http://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx
Johannes 4068 Posts ISC Handler Jun 13th 2012 |
Jun 13th 2012 8 years ago |
If these certificate updates keep requiring reboots it's going to greatly slow down their install rate :(
Anonymous |
Jun 13th 2012 8 years ago |
Happy to see a tool like this get released. I would think it wouldn't cause a reboot... anyone know if the KBs for previous cert updates caused a reboot?
mbrownnyc 19 Posts |
Jun 13th 2012 8 years ago |
#pedant mode on
"A bid sad" should be "A bit sad"
#pedant mode off
But yes, a loss of trust is always sad.
Anonymous |
Jun 13th 2012 8 years ago |
@mbrownnyc
KB2718704 didn't require a reboot.
David 11 Posts |
Jun 13th 2012 8 years ago |
KB2718704 didn't require a reboot on Vista & Win7 but did on XP
Greg 25 Posts |
Jun 14th 2012 8 years ago |
Soon enough, a security hole in this updater will require a Certificate Updater Updater. I hate to tell you this, but it's updaters all the way down.
Greg 1 Posts |
Jun 14th 2012 8 years ago |
Does this flaw have anything to do with this news article:
http://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_print.html
Gilbert 21 Posts |
Jun 19th 2012 8 years ago |