Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- Subject: Re: [Fed-Talk] Apple's Rogue DigiNotar CA mitigation?
- From: Rex Sanders <email@hidden>
- Date: Wed, 31 Aug 2011 18:13:27 -0700
Deleting Mac OS X certificates using Keychain doesn't work completely:
http://www.infoworld.com/d/security/mac-os-x-cant-properly-revoke-dodgy-digital-certificates-171357
"Users can revoke a certificate using Keychain, but if they happen to visit
a site that uses the more-secure Extended Validation certificates, the Mac
will accept the EV certificate even if it's been issued by a certificate
authority marked as untrusted in Keychain."
I wonder if the command-line equivalents have the same problem.
SSL/TLS: a different kind of Security Theater.
http://en.wikipedia.org/wiki/Security_theater
-- Rex
At 9:13 AM -0700 8/31/11, David Mueller wrote:
>Yes, you can disable DigiNotar via Keychain Access. Open the app, click on
>the System Roots keychain, double-click on "DigiNotar Root CA", expand the
>Trust section of the window, and set "When using this certificate" to "Never
>Trust".
>
>This post has a slightly different method (with pictures), and suggests that
>it may be better to delete the cert rather than not trusting it:
>
>http://www.coriolis-systems.com/blog/2011/08/diginotar-certificate-security.php