Microsoft isn't the primary victim, WE ARE!!
The only way to practically resolve this issue is for Verisign to re-issue
all certs they ever verified under a new CA signing certificate. THEN,
Verisign has to launch a campaign to replace its CA certs in every online
user's web browser!!
Why? Because the general public (us) doesn't have a CRL-checking mechanism
when our browsers verify a certificate as valid. Our browsers only look as
far as the list of CA certificates that are embedded in our browser at the
time we verify a cert.
This isn't a minor PKI flap.
THIS IS A HUGE SECURITY DEBACLE FOR VERISIGN, AND A MAJOR NEW VULNERABILITY
FOR THE ONLINE PUBLIC AT LARGE!!! [WBH via risks-digest Volume 21, Issue 32]