A scanning tool for PC root public key stores
As has recently been demonstrated, a malicious third party could insert a self-issued CA public key into the list of trusted root CA public keys stored on an end user PC. As a consequence, the malicious third party could potentially do severe damage to the end user computing environment. In this paper, we discuss the problem of fake root public keys and suggest a solution that can be used to detect and remove them. We further describe a prototype implementation of this solution. C. Wolf, S. Lucks, P.-W. Yau (Eds.): WEWoRC 2005, LNI P-74, pp. 45-52, 2005. c Gesellschaft fÃ¼r Informatik e.V.
Full Text: PDF