TIP: Click on subject to list as thread! ANSI
echo: nthelp
to: Rich
from: Geo
date: 2006-09-11 06:08:22
subject: Re: Code signing
From: "Geo" 

This is a multi-part message in MIME format.

------=_NextPart_000_0062_01C6D568.AF52C4B0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

No that's not what I'm saying, I'm saying running executable code =
downloaded via the browser from random internet sites should be =
considered untrusted code by default and treated as such. I'm saying =
popping up a dialog box that says essentially "this is dangerous, are
= you sure" is not sufficient since most users have no idea what =
executable code is let alone who is trying to run it on their machines = or
what it might do.

Geo.
  "Rich"  wrote in message news:4504dae6{at}w3.nls.net...
     Your position means that users should not be able to install =
software at all without proving that they aren't an idiot according to =
some rediculous criteria you imagine separates you from the idiots.  =
Signing allows a trust decision and is not a security issue.  The same =
scenarios exist without signing where the user has to make the same =
decision but lacks the ability to include trust as a factor.

  Rich
------=_NextPart_000_0062_01C6D568.AF52C4B0
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








No that's not what I'm saying, I'm =
saying running=20
executable code downloaded via the browser from random internet sites = should be=20
considered untrusted code by default and treated as such. I'm saying = popping up=20
a dialog box that says essentially "this is dangerous, are you
sure" is = not=20
sufficient since most users have no idea what executable code is let = alone who=20
is trying to run it on their machines or what it might do.
 
Geo.


  "Rich" <{at}> wrote in message news:4504dae6{at}w3.nls.net...
     Your
position means that =
users=20
  should not be able to install software at all without proving that =
they aren't=20
  an idiot according to some rediculous criteria you imagine separates =
you from=20
  the idiots.  Signing allows a trust decision and is not a =
security=20
  issue.  The same scenarios exist without signing where the user =
has to=20
  make the same decision but lacks the ability to include trust as a=20
  factor.
   
  Rich

------=_NextPart_000_0062_01C6D568.AF52C4B0--

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.