2012/6/5 Marsh Ray <[email protected]> > [...] > > An excerpt: > "That’s right, every single enterprise user of Microsoft Terminal Services > on the planet had a CA key that could issue as many code signing > certificates they wanted and for any name they wanted." > > It sounds as if Windows users might have a million code-signing DigiNotars > to worry about. > > md5withRSA, sequential serials, everybody-gets-a-CA... This is depressing.
The timestamp on the signed objects allows the signature to stay valid for much longer than the validity of the signer. So the 2 years validity for TS-CA certificates is not a problem here. -- Erwann.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
