[Cryptography] open questions in secure protocol design?
John Levine
johnl at iecc.com
Tue Jun 2 16:00:33 EDT 2015
>not used their software in years, but I'm under the impression
>that XP is the last version which can be legally maintained in
>a known state: That is, without giving Microsoft Carte-Blanche
>to implement any change in security or any other part of the
>software that they want to change, for reasons that have nothing
>to do with any threat model their customers may be facing.
You are mistaken. At least through Windows 8, you can accept or
reject any download offered through Windows Update and you don't
need any authentication beyond the key used when you originally
installed Windows.
I hear that the low priced versions of Windows 10 may be different and
install updates without asking. That would indeed be a problem.
R's,
John
More information about the cryptography
mailing list