Another shining example of Microsoft "security".
vertigo
vertigo at panix.com
Fri Apr 20 17:44:55 EDT 2001
On Fri, 20 Apr 2001, Enzo Michelangeli wrote:
> Besides, the fact that many users don't check the validity of the certs
> presented by the other side is a disgrace, and should not be encouraged by
> distributing broken software.
It certainly should not be encouraged. The fact remains that
informed users are rare. The algorithms are strong, but the
infrastructure is cream of wheat. Microsoft, if this is true,
(I use Pine and there isn't a copy of Outlook anywhere in sight)
has done an injustice not only to the user but, more importantly,
to the infrastructure.
I will say that my opinion is based on anecdotal info rather
than anything concrete. During the 6 months I worked on the
url-rewriting proxy, I heard of no complaints from users regarding
certificates not belonging to the sites being browsed. We
were dealing with a large amount of traffic, having proxied 150 of
Lycos' merchants (with mediocre success) through the Christmas
season.
vert
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list