Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: advance_copy

Microsoft also pushes out CRLs (along with updated CA certs) as part of its monthly Windows Update cycle.


8 posted on 03/23/2011 7:53:09 PM PDT by Gideon7
[ Post Reply | Private Reply | To 4 | View Replies ]


To: Gideon7

Didn’t know that, thanks. Of course, you still need to have CRL checking enabled in the browser for it to do any good.


9 posted on 03/23/2011 7:56:33 PM PDT by advance_copy (Stand for life or nothing at all)
[ Post Reply | Private Reply | To 8 | View Replies ]

To: Gideon7
Out of curiosity, would it be possible to for new certificates to be bundled with signatures (of the new certificate) signed with any previous certificates that might reasonably be in use, and for browsers to warn any time an attempt is made to access a site for which the browser has a certificate, but which advertises a new certificate that isn't signed by the old one?

If on the first time my machine accesses mywonderfulbank.com, the request gets been intercepted by a site which has a bogus certificate, there'd be no way my machine could catch that, but if my machine had previously accessed the real mywonderfulbank.com and received a certificate, there would be no way a phony certificate could pass muster without a warning.

10 posted on 03/23/2011 8:28:21 PM PDT by supercat (Barry Soetoro == Bravo Sierra)
[ Post Reply | Private Reply | To 8 | View Replies ]

Free Republic
Browse · Search
News/Activism
Topics · Post Article


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson