From: "Geo"
If some people always want to make the decision and others always want the computer to make the decision, then the checkbox should be for those two choices. They do this all the time in IE, deny, prompt, allow, I happen to think that's a great solution. The problem is which should be the default and with all the security issues I think deny should be for about 95% of the things.
Geo.
"Rich" wrote in message news:4501a233{at}w3.nls.net...
You can either give users a choice or not. Someone will complain either way. There is no single best answer. In the scenarios where code signing applies, if the signature is valid it is intended for the user to make his own choices. This is not a safe vs. unsafe choice where you might be able to excuse bias toward the safe option.
Rich
"Antti Kurenniemi" wrote in message news:45019edc{at}w3.nls.net...
I didn't mean that signing is not necessarily untrustworthy, I mean that implementing Yet Another Thingamajick Everyone Should Understand is *not* an improvement in security because who the hell can keep up with all these things? The more "security improvements" there are that require the end user to understand and make decisions, the less they help security. For example, take a look at the windows update website: if you have the IE download blocker enabled, the website displays very friendly and helpful information about how to disable it and download the file. Nice and helpful, yes? No, it totally and utterly sucks, because it requires the user to have a grasp of reality and understand *why* there is such a thing as a download blocker, and *why* this particular site should be allowed to bypass it, and so on. I bet more than half the users could be simply informed how to do the same and install any worm or virus in the world, as long as the website had as easy to follow information.
The answer to security is not to require the user to make every choice, that's only shifting the problem from the producer to the consumer.
Antti Kurenniemi
(no, I don't know what *is* the answer, and even if I did I'm too drunk to write much more now)
"Rich" wrote in message news:4500ee78$1{at}w3.nls.net...
No. You look at the signing certificate to see if you trust both the signing party and the certification path. If you do not, do not trust the signed entity. If something is not signed, you don't have even this option. How do you choose what to trust?
The average Joe relies on the identity of the signing party alone and assumes that the certification authorities that are not distrusted have been vetted.
In practice, have you ever known this to be a problem with signed code? How much actual malware do you hear of that is signed? I can't think of any that wasn't some PR stunt by someone that signed a demo which he released under his own name anyway.
Rich
"Antti Kurenniemi" wrote in message news:450054c1{at}w3.nls.net...
The concept of "signed" executables / activex / whatnot makes me want to slap someone every time I see it mentioned. Yeah, sure, it's signed - now what? Should I visit Redmond to ask someone if they really signed this, or if this is just a trick - a message box saying this executable is signed? The rate at which these new "improvements" keep popping up is such that no average Joe can ever really know if he's being fooled or if it really is legit...
Antti Kurenniemi
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)