Microsoft deprecating SHA-1 certs by 2016

2013-11-12 Thread Daniel Veditz
This is a bandwagon we ought to hop on. See https://technet.microsoft.com/en-us/security/advisory/2880823

> Executive Summary
>
> Microsoft is announcing a policy change to the Microsoft Root
> Certificate Program. The new policy will no longer allow root
> certificate authorities to issue X.509

Re: Mozilla not compliant with RFC 5280

2013-11-12 Thread fhw843
There are a couple good points here, starting with hard-fail. Why is it not already turned on by default? What is the argument against it? An even better question is how many people in this forum have turned it on, and what has your experience been? I just turned it on myself...once I found the stu