> The executive summary, so I've got something to reply to:
>   In the default configuration for Windows XP with Service Pack 2 (SP2),
>   if a user removes one of the trusted root certificates, and the certifier who
>   issued that root certificate is trusted by Microsoft, Windows will silently
>   add the root certificate back into the user's store and use the original
>   trust settings.
> While I don't agree with this behaviour, I can see why Microsoft would do
> this, and I can't see them changing it at any time in the future.  It's the
> same reason why they ignore key usage restrictions and allow (for example) an
> encryption-only key to be used for signatures, and a thousand other breaches
> of PKI etiquette: There'd be too many user complaints if they didn't.

The real flaw that I see in their design is that they permit
certificates that they installed to be removed.  Instead they should
have provided a "disabled" feature so that those who wish to disable
installed certs can do so and thereby ensure that in the future they
won't be restored.

Jeffrey Altman
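Since a removed root can come back without any notice, an administrator who prunes the store has no built-in way to know it happened. The script below is an added example, not code from this thread or from Microsoft: it records a baseline of the current user's Root store after the user has pruned it, and on later runs reports any root that has appeared since. It assumes Windows PowerShell with the Cert: drive; the baseline file path is an arbitrary choice.

```powershell
# Added example: detect trusted roots that reappear after being removed.
# Assumes Windows PowerShell and the Cert: provider; the baseline path below
# is an arbitrary location chosen for this example.
param(
    [string]$BaselinePath = "$env:USERPROFILE\root-baseline.txt"
)

function Get-RootEntries {
    # One line per root in the user's store: thumbprint followed by subject.
    Get-ChildItem -Path Cert:\CurrentUser\Root |
        ForEach-Object { "{0} {1}" -f $_.Thumbprint, $_.Subject } |
        Sort-Object
}

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record the store as the user left it after pruning roots.
    Get-RootEntries | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    return
}

$baseline = @(Get-Content -Path $BaselinePath)
$current  = @(Get-RootEntries)

if ($baseline.Count -eq 0) {
    # An empty baseline means every current root counts as newly added.
    $added = $current
} else {
    # Entries present now but absent from the baseline are roots that were
    # added, or silently restored, since the user last reviewed the store.
    $added = Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object -ExpandProperty InputObject
}

if ($added) {
    Write-Output "Roots added since baseline:"
    $added | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output "No roots added since baseline."
}
```

Run it once after removing the unwanted roots to write the baseline, then again later (or on a schedule) to see whether any of them have been restored.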
