Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » MS root certificates update
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
For Wildcatboy »
« c7.statcounter.com  
AuthorAll Replies

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
clubs:
·Verizon FIOS
·Optimum Online

reply to Cronk
Re: MS root certificates update

said by Cronk See Profile :

1. I assume the CA's are places like Verisign. Is it generally considered ok to accept Microsoft's evaluation of CA's?
It comes down to a matter of trust.

When you install a root CA certificate as a trusted root certificate you are trusting all certificates issued in the tree below that certificate (a chain of trust). You don't need to install these, but for every individual certificate presented that does not have a path to a trusted root certificate you will be explicitly asked to accept or decline. You may be given the option to install that specific certificate as trusted as well.

Microsoft offers to make this task simpler for you by putting together a set of root certificates they think you should trust. Basically they are presenting themselves as a 'super root' at the top of all trees/at the head of all chains of trust, but do you really trust them to make that decision for you? Many do not and some google searching will turn up quite a bit of discussion about this. If you have to ask whether you should trust them then likely the answer is no you should not trust M$.

Alternatively, you can choose to obtain and install just those root certificates you trust by visiting the sites of those specific CAs when needed.
to forum · permalink · · 2007-09-13 18:54:39 · Reply to this
Forums » Up and Running » Security » SecurityFor Wildcatboy »
« c7.statcounter.com  

Thursday, 03-Dec 14:58:36 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [162] Comcast Releasing Promised Usage Meter
· [129] Avast Antivirus Has Gone Mad
· [103] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [81] Latest Consumer Reports Survey Not Kind To AT&T
· [75] Comcast Makes NBC Universal Acquisition Official
· [70] Baltimore To Ban Lazy Cable Installs
· [64] Broadband Killed The Game Console
· [55] Rogers Unveils The ISP Dream Model
· [47] ACTA: Global Three Strikes
· [47] Sprint Defuses GPS Privacy Media Bomb
Most people now reading
· False positive in Avast! or is it real? [Security]
· Warrior tank seem underpowered these days [World of Warcraft]
· [TWC] Audio/Video outage in Brooklyn [Time Warner Cable TV/Voice]
· [Rant] Disrespect of PTO [Rants, Raves, and Praise]
· Windows 7 boot manager editing questions [Microsoft Help]
· PVP in wow today [World of Warcraft]
· Many Sites Unreachable [Rogers]
· Patch 3.3 preperation [World of Warcraft]
· [WotLK] Doing away w/ conquest? [World of Warcraft]