-=> Mocking Paul Walker to Kurt Wismer <=-
   
 KW> if the sig isn't there or isn't valid you simply don't use it...
 KW> wonderful thing these cryptographic protocols, no?
 PW> It would be, if it actually proved anything useful. Unfortunately, all
 PW> it proves is that the author had access to that signature - there is
 PW> (or was) a dodgy one floating about with the Microsoft one, for
 PW> example. 
like anyone would really trust anything that said microsoft on it
anyways...
i never said active x was perfect, my understanding is that it's far
from it... and if, as you say, the signatures allow for repudiation (i
think that's the proper term - where the owner of the signature can
claim that he didn't produce the signature due to some poor design
specification in the cryptographic algorithm or protocol) then
certainly there is a glaring security flaw...
say... isn't active x itself a product of microsoft?
... i missed Bill Gates at COMDEX, but i'll get him next year...
--- Maximus 2.02
---------------