NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Microsoft Revokes Trust in 28 of Its Own Certificates

=0AIn case people think this is a bad thing, one should remember this is *e=
xactly* the way "it's 'spose to work".=0A =0AI'm surprised we don't see mor=
e certificate revocation - if the system were really working well (includin=
g the detection of bad certificates), we should be seeing revocations on a =
routine basis, given the level of hacking activity aimed against them.=0A =
=0AIf we see no revocations, it would be clear that either a) there is no b=
ad activity, or b) that no one is really taking security (of customers' sys=
tems) seriously.=0A =0AI applaud Microsoft for doing this, and doing it pub=
licly.   There are lots of other parts to the security equation that Micros=
oft has not handled well at all in the past, but this is good news.

  [ I agree it's good that MS has revoked those certs.  On the other hand,
    it would seem a legit question to ask why they're being revoked
    *right now*.  It seems as if MS didn't bother to really look through
    their cert inventory until there was particularly bad P.R. resulting
    from one of their certs showing up in a widely-publicized virus.
    If the certs were weak, by all rights they should have been pulled
    *before* such an exploit, not after.  However, better late than never.

       -- Lauren Weinstein
          NNSquad Moderator ]

nnsquad mailing list