alt Hacker NewsIt's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
Replies
orbital-decay • today at 9:29 AM
That's what VeraCrypt is, a fork of the original TrueCrypt after all drama, security doubts, and eventual discontinuation. It took a long time and two independent audits to establish trust in it.
subscribed • today at 9:35 AM
Probably not French though, give how hostile it appears to be to encryption/security related projects (GrapheneOS had a good arguments re: that)
➕ show 1 reply
fg137 • today at 10:07 AM
And Microsoft will be happy to shut that one down because their incompetence.
So we'd better find a real solution now.
Yeah but isn't the point of these certificates to express trust?
The point isn't (or: shouldn't be) to forcefully find your way through some back alley to make it look legit. It's to certify that the software is legit.
Trust goes both ways: we ought to trust Microsoft to act as a responsible CA. Obfuscating why they revoked trust (as is apparently the case) and leaving the phone ringing is hurting trust in MS as a CA and as an organization.