Check PE certificates against Certificate Revocation Lists #286
Assignees
Labels
accepted
This issue was accepted, we will work on this at some point
enhancement
New feature or request
service-pe
Comments
sgaron-msft
added
assess
gdesmar
added
accepted
|
https://crt.sh/ looks to be using Google's CRLSet, Microsoft's disallowedcert.stl, Mozilla's OneCRL and the specific cert's CA's CRL. That is a lot of CRLs that could be added as sources, and updated periodically. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Right now, the PE service only check is a PE is signed but does not validate if the certificate has been revoked.
Describe the solution you'd like
It would be very useful to have the PE service check the signature against the different revocation lists so the service would not provide a false sense of security to the user. We could also use this to mark file as malicious.
The text was updated successfully, but these errors were encountered: