scary certificate for www.update.microsoft.com
Peter Tomlinson
pwt at iosis.co.uk
Mon Jun 18 20:36:55 BST 2012
That assumes that we trust Microsoft as much as we trust Verisign.
Peter
On 18/06/2012 18:30, Ben Liddicott wrote:
> This is a website for issuing updates to Microsoft Windows. It is
> verified by a chain terminating in a certificate Microsoft issued
> themselves.
>
> The SSL Chain of trust is for trusting previously unknown parties. For
> the purposes of updating Windows, Microsoft are not an unknown party.
> Nothing would be added by having Verisign validate the certificate.
>
> Cheers,
> Ben
>
More information about the ukcrypto
mailing list