ietf-smime

Re: [saag] [Cfrg] Further MD5 breaks: Creating a rogue CA certificate

2009-01-06 10:28:12
Peter Gutmann wrote:
> "Timothy J. Miller" <tmiller(_at_)mitre(_dot_)org> writes:
>
>> The only reliable way to nuke a trusted cert from Windows is touch management
>> of workstations.
>
> It's worse than that, there is no reliable way to remove trusted certs from
> Windows.  See Paul Hoffman's analysis at
> http://www.proper.com/root-cert-problem/.

I've corresponded with Paul about that in the past. Root auto-installation can be disabled, users can be blocked from installing roots in both the machine and user store (requires domain GPO, IIRC), and subjectInfoAccess chasing can be disabled (Vista "feature").

Incomplete answer for general users, yes, but it's there nonetheless. Presumably if you're touch managing workstations for trust anchor removal you can verify that these settings are all in place. :)

The roots that shouldn't be removed are the ones needed to boot (i.e., validate authenticode signatures). That's more than a few in XP.

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
