Some experiments I have done with both Adobe Reader 10.1.1 and 10.1.2 show that their implemented algorithm for validating the certificate of a signature is different:
- In all versions of Adobe Reader up to and including 10.1.1 no revocation checking is performed for a certificate marked as a trust anchor.
- In Adobe Reader 10.1.2 revocation checking is performed even if a certificate is marked as a trust anchor.
Since the latter behaviour is in conflict with international standards for certificate validation (RFC 5280, section 6.1), my questions are:
- Has this shift in the implementation happened intentionally?
- If yes, why?
/Gregor
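A simplified model of the two behaviours reported in the post above, added here as an illustration; it is not Adobe's code and not part of the original post. The `Cert` type, the `validate` function, the certificate names and the revocation set are all constructed assumptions, and signature verification and real CRL/OCSP processing are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int

def validate(chain, anchors, revoked, check_anchor_revocation):
    """Walk a signer-first chain up to the first certificate marked as a trust anchor.

    revoked is a set of (issuer, serial) pairs standing in for CRL/OCSP data.
    check_anchor_revocation=False models the behaviour reported for <= 10.1.1
    (the anchor is an input to validation and is not itself checked);
    True models the behaviour reported for 10.1.2.
    Returns (ok, reason).
    """
    for i, cert in enumerate(chain):
        is_anchor = cert in anchors
        if is_anchor and not check_anchor_revocation:
            return True, f"anchored at {cert.subject}"
        if (cert.issuer, cert.serial) in revoked:
            return False, f"{cert.subject} is revoked"
        if is_anchor:
            return True, f"anchored at {cert.subject}"
        # Name chaining: the next certificate must be this one's issuer.
        if i + 1 >= len(chain) or chain[i + 1].subject != cert.issuer:
            return False, f"no issuer found for {cert.subject}"
    return False, "no trust anchor in chain"

# Constructed sample data: a three-level hierarchy.
ROOT = Cert("Example Root CA", "Example Root CA", 1)
INTER = Cert("Example Issuing CA", "Example Root CA", 2)
SIGNER = Cert("Example Signer", "Example Issuing CA", 3)
CHAIN = [SIGNER, INTER, ROOT]
INTER_REVOKED = {("Example Root CA", 2)}      # root has revoked the issuing CA
SIGNER_REVOKED = {("Example Issuing CA", 3)}  # issuing CA has revoked the signer

def demo():
    return {
        # User has marked the issuing CA as a trust anchor; it is revoked by the root.
        "anchor_revoked_old": validate(CHAIN, {INTER}, INTER_REVOKED, False),
        "anchor_revoked_new": validate(CHAIN, {INTER}, INTER_REVOKED, True),
        # Same revocation, but only the root is an anchor: both modes reject.
        "inter_revoked_root_anchor": validate(CHAIN, {ROOT}, INTER_REVOKED, False),
        # A revoked signer below the anchor is rejected in both modes.
        "signer_revoked_old": validate(CHAIN, {INTER}, SIGNER_REVOKED, False),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The two modes differ only when the certificate marked as trust anchor is itself revoked; certificates below the anchor are checked either way.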