fun with CRLs!

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jan 9 21:07:12 EST 2004


>/. is reporting this, anyone know the real story?

The CryptoAPI list has been lit up end to end with mail about this.  The
summary from one poster (Tim Anderson <TimA at PREDATOR-SOFTWARE.COM>) is:

  IE5.x's digital signature expired yesterday. Every computer that uses
  WinVerifyTrust now has to have the "verify publisher certificate" dealy
  unchecked or the WinVerifyTrust call takes upwards of 5 minutes to complete.

The fix, as for the "We're from Microsoft, give us a certificate" fiasco of
two years ago, is an OS update from Microsoft to replace the certs.  Further
patches will be in Win2K SP5 and WinXP SP2.

ObSnideComment: It's a good thing 99.99% of PKI use is just window dressing,
  imagine if people were basing things like electronic funds transfers on
  technology as brittle as this: "Please wait 5 minutes for the server to time
  out so your funds can become available".

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list