[145633] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Tom Ritter)
Fri Aug 6 21:33:31 2010
Date: Fri, 06 Aug 2010 20:38:54 -0400
From: Tom Ritter <tom@ritter.vg>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com
In-Reply-To: <E1Ogt9O-0005Oz-5N@wintermute02.cs.auckland.ac.nz>
> And what else should Windows say? "We put this through our time machine and
> noticed that at some time in the past it was signed and now it isn't"?
Absolutely, on initial install there's no way to know it was originally
signed (if you're smart about it). But in another architecture
Microsoft makes available (ClickOnce) software _upgrades_ that _were_
initially signed - but now are not - do not give indication that
something fishy is going on.
-tom
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
