Rich Freeman on 25 May 2011 10:36:41 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Microsoft's Many Eyeballs?

On Wed, May 25, 2011 at 10:15 AM, Eric at <> wrote:
> Microsoft's answer to the security issues affecting ActiveX is to institute
> "kill bits" and give the users an easier way to enumerate the installed ActiveX
> libraries and disable them if necessary.

Enumerating badness is pretty flawed in general.  However, what really
impress me is that just about everybody has messed up certificate
revocation lists so much that they're pretty-much useless.  I find it
annoying when I get an update pushed out for ANY browser in order to
blacklist a certificate.  What they should be doing is pushing out an
update that rejects any certificate signed by a CA that doesn't have a
CRL, or whose CRL has not been retrievable within some period of time.
 That would fix half of these issues without the need for any further

My understanding is that few if any browsers implement CRLs in a
fail-safe manner, because failing safe might mean that half of the web
doesn't work right.

For as much flack as CACert gets about not having audits, they at
least ensure that you control the domain.  Hijacking a domain is at
least a lot harder than picking up the phone and saying "Hi, I'm Bill
Gates, could you give me some certs?"

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --