dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5
share rss forum feed


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
reply to AVD

Re: Adobe's code signing certificate has been stolen

said by AVD:

said by Name Game:

Post please if you personally first check the certs from any Adobe product before you install it.

it isn't automatic?

In most cases signature verification of a certificate against known certificate authorities is automatic since this can be done against a locally stored list of trusted CAs. Checking of CRLs (certificate revocation lists) is usually not automatic since it requires Internet access.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

that may be the default



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

said by AVD:

that may be the default

I'm sorry if I was unclear but I did mean default behavior. I remember seeing a site that had a nice overview showing which software did not implement CRL checking at all and which software supported CRL checking but had it disabled by default (I'm not sure if there was any that had CRL checking enabled by default).
Of course, I can't find it now

Another issue related to CRLs (not applicable to the current topic) is whether only the presented certificate is being checked or whether all the certificates in the signing chain are checked for revocation as well (should you still trust a certificate if the intermediate or root CA certificate was revoked ?).
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!