Paul Hoffman [EMAIL PROTECTED] writes:
At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
|From a security point of view, this is really bad. From a usability point of
|view, it's necessary.
As you can see from my list of proposed solutions, I disagree. I see no
reason not to alert a user
At 7:58 PM +1200 7/20/07, [EMAIL PROTECTED] wrote:
Paul Hoffman [EMAIL PROTECTED] writes:
At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
|From a security point of view, this is really bad. From a usability point of
|view, it's necessary.
As you can see from my list of proposed
(I don't have access to windoze... cannot verify if my suggestion would
work...)
Can't you replace the installed root certs with empty files or bogus
content such that they will fail path validation and still trick MS not
to re-install them?
-Frank.
Jeffrey Altman wrote:
[EMAIL PROTECTED]
Paul Hoffman [EMAIL PROTECTED] writes:
I posted a new security research article at
http://www.proper.com/root-cert-problem/. It is not directly related to
crypto (although not so much of the traffic on this list is...), it does
relate to some PKI topics that are favorites of this list.
The
At 2:45 AM +1200 7/20/07, [EMAIL PROTECTED] wrote:
From a security point of view, this is really bad. From a usability point of
view, it's necessary.
As you can see from my list of proposed solutions, I disagree. I see
no reason not to alert a user *who has removed a root* that you
are
[EMAIL PROTECTED] wrote:
From a security point of view, this is really bad. From a usability point of
view, it's necessary.
I agree with all the above, including deleted.
The solution is to let the HCI people into the design
process, something that's very rarely, if ever, done in the
[EMAIL PROTECTED] wrote:
The executive summary, so I've got something to reply to:
In the default configuration for Windows XP with Service Pack 2 (SP2), if a
user removes one of the trusted root certificates, and the certifier who
issued that root certificate is trusted by Microsoft,