[95441] in cryptography@c2.net mail archive
Re: New article on root certificate problems with Windows
daemon@ATHENA.MIT.EDU (pgut001@cs.auckland.ac.nz)
Sat Jul 21 13:28:48 2007
Date: Fri, 20 Jul 2007 19:58:32 +1200
From: pgut001@cs.auckland.ac.nz
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cryptography@metzdowd.com
In-Reply-To: <p06240837c2c52e4dfcb8@[165.227.249.220]>
Paul Hoffman <paul.hoffman@vpnc.org> writes:
> At 2:45 AM +1200 7/20/07, pgut001@cs.auckland.ac.nz wrote:
> |From a security point of view, this is really bad.  From a usability point of
> |view, it's necessary.
>
> As you can see from my list of proposed solutions, I disagree. I see no
> reason not to alert a user *who has removed a root* that you are about to
> put it back in.
It depends on what you mean by "user".  You're assuming that direct action by
the wetware behind the keyboard resulted in its removal.  However given how
obscure and well-hidden this capability is, it's more likely that a user agent
acting with the user's rights caused the problem.  So the message you end up
communicating to the user is:
   "Something you've never heard of before has changed a setting you've never
   heard of before that affects the operation of something you've never heard
   of before and probably wouldn't understand no matter how patiently we
   explain it".
(those things are, in order "some application or script", "the cert trust
setting", "certificates", and "PKI").
I guess we'd need word from MS on whether this is by design or by accident,
but I can well see that quietly unbreaking something that's broken for some
reason would be seen as desirable behaviour.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com