MS culls 20 Trusted Root Certs effective January

Forum Moderators: open

Message Too Old, No Replies

MS culls 20 Trusted Root Certs effective January

tangor

11:00 pm on Dec 17, 2015 (gmt 0)

Microsoft is cutting the ranks of its Trusted Root Certificate partners in hopes of improving the security of Windows applications.

The Redmond giant said that it would be dropping 20 currently trusted Certificate Authorities (CAs), leaving the applications and sites signed with those certificates untrusted and causing their users to receive warnings when launched.

[theregister.co.uk...]
See article for list of certificates removed.

bill

2:59 am on Dec 21, 2015 (gmt 0)

Sounds like a lot of those CAs didn't know they were being turned off. That could cause some issues for end users who are going to be confused at the errors they'll be getting.

tangor

3:11 am on Dec 22, 2015 (gmt 0)

Sadly, bill, that is true... but I suspect the MS cull will kick start some of these laggards into updating their certs!

bill

8:17 am on Dec 22, 2015 (gmt 0)

They are dumping entire certificate authority organizations from the trusted list here. This is more than just 20 certs. Those signing certificates could have signed many other certs. They are pulling trust from organizations whom they don't think are adhering to the stricter guidelines, or those that indicated they no longer want to be included.

Of course the end result will be to kick start some of these laggards into updating their certs ;)
It may inconvenience some for a while, but the end result should be a positive for the security of the web.