fun with CRLs!
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jan 9 21:07:12 EST 2004
>/. is reporting this, anyone know the real story?
The CryptoAPI list has been lit up end to end with mail about this. The
summary from one poster (Tim Anderson <TimA at PREDATOR-SOFTWARE.COM>) is:
IE5.x's digital signature expired yesterday. Every computer that uses
WinVerifyTrust now has to have the "verify publisher certificate" dealy
unchecked or the WinVerifyTrust call takes upwards of 5 minutes to complete.
The fix, as for the "We're from Microsoft, give us a certificate" fiasco of
two years ago, is an OS update from Microsoft to replace the certs. Further
patches will be in Win2K SP5 and WinXP SP2.
ObSnideComment: It's a good thing 99.99% of PKI use is just window dressing,
imagine if people were basing things like electronic funds transfers on
technology as brittle as this: "Please wait 5 minutes for the server to time
out so your funds can become available".
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list