[15208] in cryptography@c2.net mail archive
Re: fun with CRLs!
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Mar 31 22:47:34 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 10 Jan 2004 15:07:12 +1300
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, perry@piermont.com
>/. is reporting this, anyone know the real story?
The CryptoAPI list has been lit up end to end with mail about this. The
summary from one poster (Tim Anderson <TimA@PREDATOR-SOFTWARE.COM>) is:
IE5.x's digital signature expired yesterday. Every computer that uses
WinVerifyTrust now has to have the "verify publisher certificate" dealy
unchecked or the WinVerifyTrust call takes upwards of 5 minutes to complete.
The fix, as for the "We're from Microsoft, give us a certificate" fiasco of
two years ago, is an OS update from Microsoft to replace the certs. Further
patches will be in Win2K SP5 and WinXP SP2.
ObSnideComment: It's a good thing 99.99% of PKI use is just window dressing,
imagine if people were basing things like electronic funds transfers on
technology as brittle as this: "Please wait 5 minutes for the server to time
out so your funds can become available".
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
