How do you explain how inexcusable this is to most people? It's not even universal that tech people know what a CA does.
This breaks encryption, by letting a server that is not google.com say, "Hi, I am google.com, and here is my public key". The cert authority is the one that checks the public keys are good. You have to trust that Microsoft trusts the right CAs, and they seemingly do not.
twovests OP wrote
How do you explain how inexcusable this is to most people? It's not even universal that tech people know what a CA does.
This breaks encryption, by letting a server that is not google.com say, "Hi, I am google.com, and here is my public key". The cert authority is the one that checks the public keys are good. You have to trust that Microsoft trusts the right CAs, and they seemingly do not.
bad bad bad!!