Another shining example of Microsoft "security".
Kris Kennaway
kris at obsecurity.org
Sat Apr 21 05:06:27 EDT 2001
On Fri, Apr 20, 2001 at 05:44:55PM -0400, vertigo wrote:
> On Fri, 20 Apr 2001, Enzo Michelangeli wrote:
>
> > Besides, the fact that many users don't check the validity of the certs
> > presented by the other side is a disgrace, and should not be encouraged by
> > distributing broken software.
>
> It certainly should not be encouraged. The fact remains that
> informed users are rare. The algorithms are strong, but the
> infrastructure is cream of wheat. Microsoft, if this is true,
> (I use Pine and there isn't a copy of Outlook anywhere in sight)
> has done an injustice not only to the user but, more importantly,
> to the infrastructure.
The Pine SSL patches also don't do any validity checking of
certificates, AFAIK.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20010421/05f5bc8c/attachment.pgp>
More information about the cryptography
mailing list