
Microsoft to remove WoSign and StartCom certificates in Windows 10 - QUFB
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
======
tialaramex
This is almost a year after the other major trust stores.

Message: Do not wait for Microsoft to make decisions if you care about the
trustworthiness of CAs, their list of "acceptable" CAs is enormous, their
criteria for accepting new CA roots are opaque, and they are slow to remove
obviously problematic CAs like WoSign.

This is probably fine for your day-to-day web browsing habits, but if you have
software that needs to trust e.g. API endpoints you should look to stop
relying on Microsoft's trust store to decide if things are OK. And let them
know - this makes no difference if just a few people do it, but if the message
that end users care gets to Microsoft they just might become a bit more
proactive and stop prioritising commercial interests over trustworthiness.
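
Added example, not part of the comment above: one way for client software to trust only roots it names itself instead of the operating system's store, plus a check that flags WoSign or StartCom entries in a store listing. The function names and the sample entries are hypothetical and constructed for illustration.

```python
import ssl

# CA names the linked article says Windows 10 will stop trusting.
DISTRUSTED_NAMES = ("wosign", "startcom")


def build_explicit_context(ca_files=()):
    """TLS client context that trusts only the CA files passed in.

    ssl.SSLContext() starts with an empty store; it is
    ssl.create_default_context() / load_default_certs() that would pull in
    the operating system's roots (the Windows ROOT and CA stores on Windows).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    for path in ca_files:
        ctx.load_verify_locations(cafile=path)
    return ctx


def _names(cert, field):
    """Flatten the nested RDN tuples used by get_ca_certs()/getpeercert()."""
    return [value for rdn in cert.get(field, ()) for _, value in rdn]


def flag_distrusted(ca_certs, needles=DISTRUSTED_NAMES):
    """Return subject strings of roots whose subject or issuer matches."""
    hits = []
    for cert in ca_certs:
        subject = _names(cert, "subject")
        haystack = " ".join(subject + _names(cert, "issuer")).lower()
        if any(n in haystack for n in needles):
            hits.append(", ".join(subject))
    return hits


# Constructed sample in the structure SSLContext.get_ca_certs() returns.
SAMPLE_STORE = [
    {"subject": ((("countryName", "CN"),), (("organizationName", "WoSign CA Limited"),),
                 (("commonName", "Example WoSign Root (constructed)"),)),
     "issuer": ((("organizationName", "WoSign CA Limited"),),)},
    {"subject": ((("organizationName", "Example Internal PKI"),),
                 (("commonName", "Example API Root (constructed)"),)),
     "issuer": ((("organizationName", "Example Internal PKI"),),)},
]

if __name__ == "__main__":
    ctx = build_explicit_context()          # pass your own root PEM path(s) here
    print("roots trusted:", ctx.cert_store_stats()["x509_ca"])
    print("flagged in sample:", flag_distrusted(SAMPLE_STORE))
    # To audit the OS-provided set: ssl.create_default_context().get_ca_certs()
```

A context built this way rejects every server until at least one root file is supplied, so a missing bundle fails closed rather than falling back to the system store.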

