Microsoft deems all DigiNotar certificates untrustworthy, releases

• Previous message (by thread): Microsoft deems all DigiNotar certificates untrustworthy, releases
• Next message (by thread): Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The problem that I see with browser response to self-signed (or org generated) certs is
not the warning(s) but the assertion that the cert is invalid. Not issued by one of the
players in the Protection Racket does not make the cert invalid. It may be untrustable,
unreliable, from an unknown and/or unverifiable source, but it IS a valid cert. Certs in
a revocation list or malformed certs are invalid. 

After all, the Diginotar certs were 'valid', until revoked. Apparently the (arbitrary)
inclusion or exclusion of a root cert by each browser creator or distributer is
equated with validity. By removing the Diginotar root cert, suddenly ALL Diginotar
certs are now reported to end users as Invalid? By refusing to include a CACert root
certificate, no CACert certificate is 'valid'? I think not.

-- 

-=[L]=-
Hand typed on my Remington portable

• Previous message (by thread): Microsoft deems all DigiNotar certificates untrustworthy, releases
• Next message (by thread): Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]