18 Jun 2012 21:51
www.update.microsoft.com
Not really. The only thing Verisign would be verifying is that the certificate was issued to Microsoft. The OS would be using Verisign's presence in it's configured Trusted Root List to determine that Microsoft was transitively trustworthy. *** Since Microsoft control the trust list it is in reality Microsoft who are vouching for Verisign. *** So it makes sense to bung their own certificate straight in there and cut out the middleman. On 18/06/2012 20:36, Peter Tomlinson wrote: > That assumes that we trust Microsoft as much as we trust Verisign. > > Peter
RSS Feed