Required Root CAs and CTLs
From: Lars Olaussen (Isolauss_at_hotmail.com)
Date: 11/20/03
- Next message: Christophe Niel: "Re: Lan manager (Dos) Login on a 2003 file share ?? Impossible?"
- Previous message: BobS: "Re: Certificate Server Documentation"
- Next in thread: David Cross [MS]: "Re: Required Root CAs and CTLs"
- Reply: David Cross [MS]: "Re: Required Root CAs and CTLs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Nov 2003 11:35:08 +0100
In the MS Knowledge Base Article 293781 there is a list of 'Trusted Root
Certificates That Are Required By Windows 2000'.
Would it be possible to just add these root CAs to a Certificate Trust
List made by the own PKI implementeted? Then all the root CAs shipped
with Windows could be removed, and only the own PKI and PKIs signed in
CTLs would be accepted at domain workstations.
The first goal would be to require all drivers, applications etc to be
digitally signed. Then require all PKIs issuing these certificates to be
approved by the own root CA; never again have to worry about rogue
drivers and applications being signed by untrusted 'Trusted Root
Certificate'.
Regards,
Lars Olaussen
Isolauss@hotmail.com
- Next message: Christophe Niel: "Re: Lan manager (Dos) Login on a 2003 file share ?? Impossible?"
- Previous message: BobS: "Re: Certificate Server Documentation"
- Next in thread: David Cross [MS]: "Re: Required Root CAs and CTLs"
- Reply: David Cross [MS]: "Re: Required Root CAs and CTLs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
