New article on root certificate problems with Windows
Jeffrey Altman
jaltman at columbia.edu
Thu Jul 19 11:43:30 EDT 2007
pgut001 at cs.auckland.ac.nz wrote:
> The executive summary, so I've got something to reply to:
>
> In the default configuration for Windows XP with Service Pack 2 (SP2),
> if a user removes one of the trusted root certificates, and the certifier
> who issued that root certificate is trusted by Microsoft, Windows will
> silently add the root certificate back into the user's store and use the
> original trust settings.
>
> While I don't agree with this behaviour, I can see why Microsoft would do
> this, and I can't see them changing it at any time in the future. It's the
> same reason why they ignore key usage restrictions and allow (for example)
> an encryption-only key to be used for signatures, and a thousand other
> breaches of PKI etiquette: There'd be too many user complaints if they
> didn't.
The real flaw that I see in their design is that they permit
certificates that they installed to be removed. Instead they should
have provided a "disabled" feature so that those who wish to disable
installed certs can do so and thereby ensure that in the future they
won't be restored.
Jeffrey Altman
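As an added example, not part of this thread, here is a PowerShell check an administrator can run to notice the silent re-addition described above: it compares the machine Root store against a file of thumbprints that were deliberately removed and reports any that have come back. The baseline file path and the store path are assumptions; the thumbprints in that file are whatever the administrator recorded at removal time.

```powershell
# Added example: detect trusted roots that were removed by an administrator
# but have silently reappeared in the Windows Root store.
# $RemovedList is an assumed path; it holds one SHA-1 thumbprint per line,
# recorded by the administrator when the root was removed ('#' lines ignored).
param(
    [string]$RemovedList = "C:\secbaseline\removed-roots.txt",   # assumed path
    [string]$StorePath   = "Cert:\LocalMachine\Root"             # machine-wide trusted roots
)

function Get-RestoredRoots {
    param([string[]]$RemovedThumbprints, [string]$Store)

    # Index the current Root store contents by thumbprint (uppercase hex, no spaces).
    $present = @{}
    Get-ChildItem -Path $Store | ForEach-Object { $present[$_.Thumbprint.ToUpper()] = $_ }

    # Any thumbprint we recorded as removed that is present again has been restored.
    foreach ($tp in $RemovedThumbprints) {
        $key = ($tp -replace '\s', '').ToUpper()
        if ($present.ContainsKey($key)) {
            $cert = $present[$key]
            [pscustomobject]@{
                Thumbprint = $key
                Subject    = $cert.Subject
                NotAfter   = $cert.NotAfter
            }
        }
    }
}

if (-not (Test-Path $RemovedList)) {
    Write-Error "Baseline file $RemovedList not found; record removed root thumbprints there, one per line."
    exit 2
}

$removed  = Get-Content $RemovedList | Where-Object { $_ -and -not $_.StartsWith('#') }
$restored = @(Get-RestoredRoots -RemovedThumbprints $removed -Store $StorePath)

if ($restored.Count -eq 0) {
    Write-Output "No removed roots have reappeared in $StorePath."
    exit 0
}

# Non-zero exit so a scheduled task or monitoring job can flag the condition.
Write-Warning "$($restored.Count) removed root(s) are back in $StorePath:"
$restored | Format-Table -AutoSize
exit 1
```

Run it from a scheduled task after each root update cycle; a non-zero exit means a root you removed is trusted again. Placing the same certificate in the Untrusted Certificates (Disallowed) store is the closest thing Windows offers to the "disabled" state the reply asks for, since a certificate there is rejected even if it is re-added to Root.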