Yeah but isn't the point of these certificates to express trust?

The point isn't (or: shouldn't be) to forcefully find your way through some back alley to make it look legit. It's to certify that the software is legit.

Trust goes both ways: we ought to trust Microsoft to act as a responsible CA. Obfuscating why they revoked trust (as is apparently the case) and leaving the phone ringing is hurting trust in MS as a CA and as an organization.

▲

sidewndr46 8 hours ago | parent [-]

who on planet earth trusts a piece of software because Microsoft signed it?

	▲	roelschroeven 8 hours ago \| parent \| next [-]
		There are different types of trust, but at the very least with such a signature you can trust that the piece of software is really from Veracrypt and not from a malicious third party.
	▲	repelsteeltje 6 hours ago \| parent \| prev \| next [-]
		For one: Most if not all virus scanners. A signature is a signal, not an absolute. Although, to be fair, if Microsoft (or most other CAs) had done a better job, then that trust would have carried more weight than it does currently.
	▲	mr_mitm 8 hours ago \| parent \| prev [-]
		Trust isn't binary, it's a spectrum. A signature is a signal that should increase trustworthiness. Not the strongest signal, perhaps even a weak one, but it's not zero.