Rich Freeman on 25 May 2011 10:36:41 -0700
Re: [PLUG] Microsoft's Many Eyeballs?
On Wed, May 25, 2011 at 10:15 AM, Eric at Lucii.org <eric@lucii.org> wrote:
> Microsoft's answer to the security issues affecting ActiveX is to institute
> "kill bits" and give the users an easier way to enumerate the installed ActiveX
> libraries and disable them if necessary.

Enumerating badness is pretty flawed in general.

However, what really impresses me is that just about everybody has messed up certificate revocation lists so much that they're pretty much useless. I find it annoying when I get an update pushed out for ANY browser in order to blacklist a certificate. What they should be doing is pushing out an update that rejects any certificate signed by a CA that doesn't have a CRL, or whose CRL has not been retrievable within some period of time. That would fix half of these issues without the need for any further updates. My understanding is that few if any browsers implement CRLs in a fail-safe manner, because failing safe might mean that half of the web doesn't work right.

For as much flak as CACert gets about not having audits, they at least ensure that you control the domain. Hijacking a domain is at least a lot harder than picking up the phone and saying "Hi, I'm Bill Gates, could you give me some hotmail.com certs?"

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
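The fail-safe CRL policy the message argues for, written out as an added example (this is not code from the original post, nor from any browser or the PLUG list): a small Python model that runs the same certificates through a fail-open check, which treats missing or unreachable revocation data as "not revoked", and a fail-closed check that rejects a certificate when its CA publishes no CRL, when no CRL was ever retrieved, or when the cached CRL has expired and no fresh copy could be fetched within a grace period. The certificate and CRL records, issuer names, URLs, serial numbers and the three-day grace period are constructed stand-ins for parsed X.509 data; only the decision logic is the point.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed stand-ins for the X.509 fields a real implementation would
# parse out of the certificate and the downloaded CRL.
@dataclass(frozen=True)
class Cert:
    serial: int
    issuer: str
    crl_url: Optional[str]  # CRL distribution point; None if the CA publishes no CRL


@dataclass(frozen=True)
class CrlState:
    fetched_at: float        # time of the last *successful* CRL download (epoch seconds)
    next_update: float       # the CRL's own nextUpdate field
    revoked: FrozenSet[int]  # serials the CRL lists as revoked


MAX_STALE = 3 * 24 * 3600  # assumed grace period for an unreachable CRL server


def check_revocation(cert: Cert, crl_cache: Dict[str, CrlState], now: float,
                     fail_closed: bool, max_stale: float = MAX_STALE) -> str:
    """Return 'accept' or 'reject: <reason>' for one certificate.

    fail_closed=False mirrors the behaviour the mail complains about: any
    absence of revocation data is treated as 'not revoked'.  fail_closed=True
    is the proposed policy: no CRL, no retrieved CRL, or an expired CRL that
    could not be refreshed within max_stale seconds all cause rejection.
    """
    if cert.crl_url is None:
        return "reject: CA publishes no CRL" if fail_closed else "accept"
    state = crl_cache.get(cert.issuer)
    if state is None:
        return "reject: CRL never retrieved" if fail_closed else "accept"
    # Whatever CRL we hold is authoritative for the serials it lists, even
    # under the fail-open policy.
    if cert.serial in state.revoked:
        return "reject: certificate revoked"
    expired = now > state.next_update
    unreachable_too_long = now - state.fetched_at > max_stale
    if expired and unreachable_too_long:
        return "reject: CRL stale and unreachable" if fail_closed else "accept"
    return "accept"


def compare_policies(now: float = 1_700_000_000.0) -> Dict[str, Tuple[str, str]]:
    """Run constructed scenarios through both policies.

    Returns {scenario: (fail_open_result, fail_closed_result)}.
    """
    day = 24 * 3600
    good_ca = "CN=Example CA With CRL"
    late_ca = "CN=Example CA Publishing An Expired CRL"
    dead_ca = "CN=Example CA Whose CRL Server Is Down"
    cache = {
        # Fetched two days ago, valid for another five: normal case.
        good_ca: CrlState(fetched_at=now - 2 * day, next_update=now + 5 * day,
                          revoked=frozenset({0x1234})),
        # Fetched yesterday but the CA let nextUpdate lapse an hour ago:
        # within the grace window, so still usable.
        late_ca: CrlState(fetched_at=now - 1 * day, next_update=now - 3600,
                          revoked=frozenset()),
        # Last successful download ten days ago, CRL expired three days ago.
        dead_ca: CrlState(fetched_at=now - 10 * day, next_update=now - 3 * day,
                          revoked=frozenset()),
    }
    scenarios = {
        "no CRL distribution point": Cert(1, "CN=Example CA Without CRL", None),
        "CRL never fetched": Cert(2, "CN=Example CA Never Contacted",
                                  "http://crl.example/never.crl"),
        "fresh CRL, not revoked": Cert(3, good_ca, "http://crl.example/good.crl"),
        "fresh CRL, revoked": Cert(0x1234, good_ca, "http://crl.example/good.crl"),
        "expired CRL, refetched within grace": Cert(5, late_ca,
                                                    "http://crl.example/late.crl"),
        "expired CRL, unreachable 10 days": Cert(4, dead_ca,
                                                 "http://crl.example/dead.crl"),
    }
    return {
        name: (check_revocation(c, cache, now, fail_closed=False),
               check_revocation(c, cache, now, fail_closed=True))
        for name, c in scenarios.items()
    }


if __name__ == "__main__":
    for name, (open_result, closed_result) in compare_policies().items():
        print(f"{name:38} fail-open: {open_result:28} fail-closed: {closed_result}")
```

The two policies only diverge on the cases the mail singles out: a CA with no CRL, a CRL that was never retrieved, and a CRL that has expired while its server stayed unreachable past the grace period. A revoked serial is rejected either way, and a CRL that lapsed but was successfully refreshed recently is still honoured, which is where the "some period of time" in the proposal does its work.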