Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites

Discussion in 'Off-Topic' started by Sefie, Dec 20, 2015.

  1. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.

    The list of certificates that are scheduled to be removed from Microsoft’s Trusted Root Certificate Program belong to CAs run by private or state-owned organizations from the U.S., France, the Czech Republic, Japan, Denmark, Chile, Turkey, Luxembourg, Ireland, Slovenia and Brazil.

    With their removal from Microsoft’s program, the CAs will also be removed from the certificate trust list in Windows that’s used by browsers such as Google Chrome, Internet Explorer and Microsoft Edge, as well as by email clients and other applications that support secure communications over SSL/TLS.

    When such applications encounter a certificate on a website or other type of server, they verify its authenticity by checking whether it has been signed by a CA listed in the Windows certificate store, or by an intermediary issuer that’s itself signed by such a CA.

    Therefore, the removal of a CA’s certificate from the Microsoft Trusted Root Certificate Program will essentially render all certificates that chain back to it as untrusted. This doesn’t apply just to SSL/TLS certificates, but also to code-signing certificates that are used to validate that software programs have been released by legitimate developers and haven’t been modified.

    http://www.pcworld.com/article/3017...-certificates-could-wreak-havoc-on-sites.html
     
    Sefie, Dec 20, 2015
    #1
    1. Advertisements

  2. Sefie

    IcyBC

    Joined:
    Jul 12, 2015
    Messages:
    756
    Likes Received:
    116
    That will not be good and it will be a pain for users who come across those sites! Why and what happened to cause Microsoft to do such thing? Isn't there better thing to do with time and money than just making things more complicated? Older people like me are comfortable with what is working and not looking forward for changes that we have to pull out our hair to try to understand, lol..
     
    IcyBC, Dec 21, 2015
    #2
    1. Advertisements

  3. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    I know! It's terrible, but I believe they do this due security issues. If I recall right there was a problem recently with unsafe sites displaying those safe certificates. So I think this move has something to do with this. Not 100% sure though.
     
    Sefie, Dec 21, 2015
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.