Microsoft’s Revocation of the Verisign Class 3 Public Primary G5 Root Cert

&gt; I’m also surprised at how little noise this change made even within the information security community. It speaks volumes at how little digital signatures are used to proactively enforce the integrity of software at load time within the majority of the ecosystem (again kudos to Intuit).<p>Or more likely anybody caring about signatures would have updated the binaries already well before the 2019 date when these certs were supposed to be distrusted.

I don&#x27;t get it. How in this story is airlock digital using a certificate signed by a root that was supposed to be disabled years ago but incorrectly disabled only recently? Like where did they get such a certificate? Nobody is supposed to have issued a cert like this post 2018.

<p><pre><code> And for VeriSign Class 3 Public Primary Certification Authority – G5 was supposed to be distrusted by Microsoft on May 21st 2019. Here is the DigiCert link for your reference: https:&#x2F;&#x2F;knowledge.digicert.com &#x2F;alerts&#x2F;symantec_root_distrust.html However, Microsoft remains trusting this Root certificate until Aug 23rd 2023. And distrusted this root certificate yesterday. </code></pre> Why did it take 4 years?

Interesting. If I understand correctly, this will render some hardware whose drivers were signed with that certificate unusable. Very expensive, hard-to-replace hardware in my company&#x27;s case.<p>Nobody seems to be talking about an outrageous act of value destruction on Microsoft&#x27;s part, so maybe I&#x27;m interpreting it wrong.

I wish Verisign could run their services properly, instead of just making business by hiking the .com and others (while wages of engineers is actually plummeting).<p>Do they just focus on cash cows, or do they have other products in store nowadays ?