Microsoft Certificate Updater
Microsoft released an automatic updated for untrusted certificates. A bid sad that we need this, but it does appear to be necessary to have a method to continuously update a bad certificate lists. The goal of the new updater is to allow for updates to the untrusted certificate store in one day or less after a new bad certificate is known.
Key revocation lists and OCSP were designed to notify clients of revoked certificates. However, these protocols haven't shown the scalability necessary to reliably notify clients of invalid certificates.
(thx Alex for pointing this out)
[1] http://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 14th - Jul 19th 2025 |
Comments
BradC
Jun 13th 2012
1 decade ago
mbrownnyc
Jun 13th 2012
1 decade ago
"A bid sad" should be "A bit sad"
#pedant mode off
But yes, a loss of trust is always sad.
Dijkgraaf
Jun 13th 2012
1 decade ago
KB2718704 didn't require a reboot.
David
Jun 13th 2012
1 decade ago
G
Jun 14th 2012
1 decade ago
mgracie
Jun 14th 2012
1 decade ago
http://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_print.html
Gilbert
Jun 19th 2012
1 decade ago