<<< Date Index >>>     <<< Thread Index >>>

Self-signed certs unrestricted in Windows XP



It appears that if a self-signed (test) certificate is installed under
Windows XP, that it acquires all (or an unreasonable number of) privileges
by default.

I was testing a webserver and Java applet which I had signed with
a self-signed cert (https://andrew.triumf.ca/mterm/)

I notice that under Windows XP, if I elect to accept the certificate
permanently, and then go to the Content tab in "Internet Options" in IE,
that I see my cert is installed under "Trusted Root CAs", and if I click
Advanced, that it is by default trusted for a large number of purposes
such as driver verification and time stamping; I can change this (and did)
under "View->Details->Edit Properties".

I would have assumed that it would only be trusted for "Server
Verification" (and for the Java certificate, "Code Signing")

(In Netscape 4 or Mozilla on Linux, the server cert is installed only as
an "SSL Server Site", while the Java cert, although installed as a CA,
does not by default certify network sites, and is not used for local
functions such as filesystem encryption, software package verification
etc.)

Since by default self-signed certs are not trusted, and generate a lot
of alerts if used, I don't see this a big problem. But on occasion
someone may use such a cert to provide protection against eavesdropping at
zero cost, and tell users "if you install the cert you won't get the
popups every time you connect", without taking the same precautions to
safeguard the private key as they might otherwise have done.


(It might be nice to have a mechanism to trust a certificate for
only one object, but I guess things don't work like that)

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security@xxxxxxxxx