Bugtraq mailing list archives
Re: Verisign certificates problem
From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Fri, 23 Mar 2001 13:16:18 -0700
Sadly, Thawte (which was purchased by Versign and is supposed to be the second largest CA) does not include a CPD field in their server certificates either. Actually checking most of the CA certificates shipped with IE less than half have a CPD field. Of the big CA only Entrust seems to use the field. On the plus side if you use IE and go into Internet Options -> Advanced -> Security and check the boxes next to "Check for publisher's certificate revocation" and "Check for server certificate revocation" then you will get a warning. IE won't pop up the warning when you visit a site with a certificate without a CPD field but if you click on the lock and bring up the certificate window you will see the following text: "Windows cannot determine the validity of this certificate because it cannot locate a valid certificate revocation list from the certificate authority that issued this certificate." -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
Current thread:
- Verisign certificates problem Sinclair, Roy (Mar 23)
- CRLs (was Re: Verisign certificates problem j eric townsend (Mar 25)
- Re: CRLs (was Re: Verisign certificates problem Patrick Patterson (Mar 26)
- <Possible follow-ups>
- Re: Verisign certificates problem Elias Levy (Mar 24)
- Re: Verisign certificates problem Peter Gutmann (Mar 25)
- Re: Verisign certificates problem Peter Gutmann (Mar 25)
- Re: Verisign certificates problem Ogle Ron (Rennes) (Mar 26)
- Re: Verisign certificates problem Michael Reilly (Mar 27)
- Re: Verisign certificates problem Wham Bang (Mar 27)
- CRLs (was Re: Verisign certificates problem j eric townsend (Mar 25)