Microsoft blacklists fraudulently issued SSL certificate

Lucian Constantin | March 18, 2015
Microsoft released an update to blacklist an SSL certificate for one of its domain names that was issued to an unauthorized third party.

Browsers allow SSL connections to continue if CRL or OCSP checks fail with a network error, because such checks can fail for a variety of reasons: for example, the CA servers are down or there is network congestion en route to them. This is known as a soft-fail approach.

The problem is that man-in-the-middle attackers can also block CRL and OCSP checks, rendering the mechanism useless. Because of this, browser vendors have to manually blacklist known rogue certificates and then push the blacklist updates to the browsers.
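The decision logic described above can be modelled in a few lines. This is an added example, not code from the article or from any browser: the function names, the placeholder serials and the hard-fail policy (included only for contrast) are assumptions, and no network traffic is generated.

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNREACHABLE = "unreachable"  # network error: CA down, congestion, or blocked

def query_revocation(serial, revoked_at_ca, responder_reachable):
    """Model of a CRL/OCSP lookup; no real network traffic is generated."""
    if not responder_reachable:
        return Status.UNREACHABLE
    return Status.REVOKED if serial in revoked_at_ca else Status.GOOD

def accept_connection(serial, revoked_at_ca, responder_reachable,
                      local_blacklist=frozenset(), hard_fail=False):
    """Return (accepted, reason) for one certificate under the given policy."""
    # A vendor-pushed blacklist is consulted locally, so it works offline.
    if serial in local_blacklist:
        return False, "on local blacklist"
    status = query_revocation(serial, revoked_at_ca, responder_reachable)
    if status is Status.REVOKED:
        return False, "revoked by CA"
    if status is Status.UNREACHABLE:
        if hard_fail:
            return False, "revocation status unavailable"
        return True, "soft fail: check errored, connection allowed"
    return True, "revocation check passed"

def compare_policies(serial, revoked_at_ca, responder_reachable, blacklist):
    """Acceptance decision for the same certificate under three policies."""
    args = (serial, revoked_at_ca, responder_reachable)
    return {
        "soft_fail": accept_connection(*args)[0],
        "soft_fail_with_blacklist":
            accept_connection(*args, local_blacklist=blacklist)[0],
        "hard_fail": accept_connection(*args, hard_fail=True)[0],
    }

# Constructed sample data: placeholder serials, not values from the article.
ROGUE = "SERIAL-ROGUE-EXAMPLE"
LEGIT = "SERIAL-LEGIT-EXAMPLE"
REVOKED_AT_CA = {ROGUE}

if __name__ == "__main__":
    for reachable in (True, False):
        for serial in (ROGUE, LEGIT):
            print(reachable, serial,
                  compare_policies(serial, REVOKED_AT_CA, reachable, {ROGUE}))
```

With the responder unreachable, only the soft-fail policy without a local blacklist accepts the revoked certificate, while hard fail also rejects the legitimate one, which is the availability cost that leads browsers to soft fail.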

