[95225] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: New article on root certificate problems with Windows

daemon@ATHENA.MIT.EDU (Paul Hoffman)
Thu Jul 19 11:32:40 2007

In-Reply-To: <20070720024534.becq2x3qfsskc04g@webmail.cs.auckland.ac.nz>
Date: Thu, 19 Jul 2007 08:07:47 -0700
To: pgut001@cs.auckland.ac.nz
From: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cryptography@metzdowd.com

At 2:45 AM +1200 7/20/07, pgut001@cs.auckland.ac.nz wrote:
>From a security point of view, this is really bad.  From a usability point of
>view, it's necessary.

As you can see from my list of proposed solutions, I disagree. I see 
no reason not to to alert a user *who has removed a root* that you 
are about to put it back in.

Note that I did not criticize the practice of starting with a zillion 
roots that Microsoft trusts.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[95225] in cryptography@c2.net mail archive

Re: New article on root certificate problems with Windows

daemon@ATHENA.MIT.EDU (Paul Hoffman)Thu Jul 19 11:32:40 2007

daemon@ATHENA.MIT.EDU (Paul Hoffman)
Thu Jul 19 11:32:40 2007