[8669] in cryptography@c2.net mail archive
Re: Another shining example of Microsoft "security".
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Mon Apr 23 10:54:46 2001
Date: Sat, 21 Apr 2001 02:06:27 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: vertigo <vertigo@panix.com>
Cc: Enzo Michelangeli <em@who.net>, cryptography@wasabisystems.com,
coderpunks@toad.com
Message-ID: <20010421020627.A10017@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="5vNYLRcllDrimb99"
Content-Disposition: inline
In-Reply-To: <Pine.NEB.4.33.0104201700440.22970-100000@panix3.panix.com>; from vertigo@panix.com on Fri, Apr 20, 2001 at 05:44:55PM -0400
--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Apr 20, 2001 at 05:44:55PM -0400, vertigo wrote:
> On Fri, 20 Apr 2001, Enzo Michelangeli wrote:
>=20
> > Besides, the fact that many users don't check the validity of the certs
> > presented by the other side is a disgrace, and should not be encouraged=
by
> > distributing broken software.
>=20
> It certainly should not be encouraged. The fact remains that
> informed users are rare. The algorithms are strong, but the
> infrastructure is cream of wheat. Microsoft, if this is true,
> (I use Pine and there isn't a copy of Outlook anywhere in sight)
> has done an injustice not only to the user but, more importantly,
> to the infrastructure.
The Pine SSL patches also don't do any validity checking of
certificates, AFAIK.
Kris
--5vNYLRcllDrimb99
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE64U2TWry0BWjoQKURAntWAKDCNZrAc5bWG9M0HPnVbNkD+1dcKgCgiVxJ
ooEi8BZM2uq0y2H9d/WE3Mw=
=KANU
-----END PGP SIGNATURE-----
--5vNYLRcllDrimb99--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
