Microsoft just released a security advisory,
Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Someone convinced VeriSign he was a Microsoft employee, and got two
certificates with the name "Microsoft Corporation." Although VeriSign has
revoked the certificates, browsers are not set up to check the revocation
list! MS is working on a browser patch.
Bruce Schneier was right about the risks of PKI...
This archive was generated by hypermail 2b29 : Fri Apr 27 2001 - 23:14:44 PDT