Group,
I'm referring to the certificate validation issues that recently made huge
press:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0862
I have seen all sorts of apocalyptic reports and anti-MS propaganda
regarding the issue, but in-depth technical analysis can't be easily
Hi Mike and the list,
That is one side of an issue I have described in
http://online.securityfocus.com/archive/1/273101
http://online.securityfocus.com/archive/1/273101
I have to admit, your message captures attention much better than mine. All
for good, if that will be fixed.
The issue
G'day Bugtraq,
Microsoft Security Bulletin MS01-017
(http://www.microsoft.com/technet/security/bulletin/MS01-017.asp) inspired
me to do some testing. Here are the results:
1. I configured Microsoft Certificate services to act as a standalone
subordinate CA. A request for a CA certificate was