scary certificate for

Ben Liddicott ben at
Mon Jun 18 18:37:21 BST 2012

RSA is not in suite B either.

Also Microsoft will give security updates to unlicensed copies of 
windows, the last time I heard, just not functionality updates.


On 18/06/2012 12:37, Tony Naggs wrote:
> Neither the blog or the 2 SSL test tools point out that Microsoft are 
> stilling using SHA1 on their new certificate for signing.
> SHA1 has been known since 2005 to be weak, and US NSA advice via NIST 
> since 2006 has been:
> "Federal agencies must stop relying on digital signatures that are 
> generated using SHA-1 by the end of 2010."
> Ref:
(... deletia...)

> Really everyone should be using SHA2-256 or better on all new 
> certificates by now!
> Yes, as I'm sure you know the Windows Update tool runs (ActiveX) stuff 
> to help Microsoft to try to limit updates to go only to PCs with 
> correctly licensed Windows.

More information about the ukcrypto mailing list