BugTraq
Windows doesn't verify digital signature of CRL files Aug 09 2004 02:31PM
Faro Poplar (faropoplar yahoo com) (1 replies)
Re: Windows doesn't verify digital signature of CRL files Aug 10 2004 07:32AM
Thomas Walpuski (thomas-bugtraq unproved org) (2 replies)
* Faro Poplar wrote:
> Has anyone noticed that Windows doesn't verify the digital signature
> of CRL files (*.crl).

Yes, I noticed that about 2 years ago. IMO this is no security issue.
CRLs are retrieved from the certificate store via CertGetCRLFromStore.
Sane use of CertGetCRLFromStore makes sure only properly signed CRLs are
used (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/
seccrypto/security/certverifycrlrevocation.asp).

Thomas Walpuski

[ reply ]
Re: Windows doesn't verify digital signature of CRL files Aug 10 2004 06:07PM
Valdis Kletnieks vt edu
Re: Windows doesn't verify digital signature of CRL files Aug 10 2004 04:07PM
Neil Gierman (ngierman roadrunn com) (2 replies)
Re: Windows doesn't verify digital signature of CRL files Aug 10 2004 06:40PM
Thomas Walpuski (thomas-bugtraq unproved org)
Re: Windows doesn't verify digital signature of CRL files Aug 10 2004 06:25PM
Jack Lloyd (lloyd randombit net) (1 replies)
Re: Windows doesn't verify digital signature of CRL files Aug 11 2004 06:52AM
Thomas Walpuski (thomas-bugtraq unproved org)


 

Privacy Statement
Copyright 2010, SecurityFocus