
Forum Moderators: bill


MS culls 20 Trusted Root Certs effective January

     
11:00 pm on Dec 17, 2015 (gmt 0)

Senior Member from US 

tangor

joined:Nov 29, 2005
posts:10573
votes: 1125


Microsoft is cutting the ranks of its Trusted Root Certificate partners in hopes of improving the security of Windows applications.

The Redmond giant said that it would be dropping 20 currently trusted Certificate Authorities (CAs), leaving the applications and sites signed with those certificates untrusted and causing their users to receive warnings when launched.

[theregister.co.uk...]
See article for list of certificates removed.

2:59 am on Dec 21, 2015 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:15181
votes: 180


Sounds like a lot of those CAs didn't know they were being turned off. That could cause some issues for end users who are going to be confused at the errors they'll be getting.

3:11 am on Dec 22, 2015 (gmt 0)

Senior Member from US 

tangor

joined:Nov 29, 2005
posts:10573
votes: 1125


Sadly, bill, that is true... but I suspect the MS cull will kick start some of these laggards into updating their certs!

8:17 am on Dec 22, 2015 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:15181
votes: 180


They are dumping entire certificate authority organizations from the trusted list here. This is more than just 20 certs. Those signing certificates could have signed many other certs. They are pulling trust from organizations who they don't think are adhering to the stricter guidelines, or those that indicated they no longer want to be included.

Of course the end result will be to kick start some of these laggards into updating their certs ;)
It may inconvenience some for a while, but the end result should be a positive for the security of the web.