21Ara
Why does ctldl.windowsupdate.com not use (valid) TLS?
I noticed DNS requests to the domain: ctldl.windowsupdate.com.
Some report it as malicious but I think it a false-positive, and it is legitimately Microsoft. It is also mentioned in https://security.stackexchange.com/a/233376/72031 in relation to CTL.
However, I noticed that the domain does not use valid TLS. Am I missing something here? If it's used for Certificate Trust Lists, which seems to be the case shouldn't that be served over TLS itself, and if not why not and should port 443 not be closed entirely?
