[Elecraft] [HAM] Windows 7 and LoTW

[David Woolley (E.L)]

The older a certificate, the more likely the private key to have been 
broken (both from a longer time to try and because technology advances 
make it easier), or leaked, or that domain has been lost to someone less 
reputable, so certificates need to have time limits.

Although it is true that the certificate structure has been monetised, 
and that Microsoft bought out one of the main companies in the 
certificate business, if there is any money going to Microsoft here, it 
is for inclusion of the certificate authority's root certificate in the 
browser/Windows, not for the individual certificates.

This also applies to Authenticode, the digial signature infrastructure 
for code, rather than web pages.  Again you can pay your money to any 
certifying authority, not just, the now Microsoft owned, Verisign.

If anything, the real problem nowadays is that just too many people can 
issue certificates that will be trusted by browsers/Authenticode, and by 
default, they will trust certificates with very different levels of 
verification of the identity of the subject.

WILLIS COOKE wrote:

+ what you were talking about. It appears to me to be generated by
+ Microsoft Internet Explorer rather than anything at ARRL LOTW. I have
+ been getting such warnings when I try to download any software that did
+ not give Microsoft its cut for some time, but this appears to be a new


-- 
David Woolley
"we do not overly restrict the subject matter on the list, and we
encourage postings on a wide range of amateur radio related topics"
List Guidelines <http://www.elecraft.com/elecraft_list_guidelines.htm>