echo: nthelp
to: Geo
from: Rich
date: 2006-09-10 20:38:18
subject: Re: Code signing

   Your position means that users should not be able to install software
at all without proving that they aren't an idiot according to some
ridiculous criteria you imagine separates you from the idiots.  Signing
allows a trust decision and is not a security issue.  The same scenarios
exist without signing where the user has to make the same decision but
lacks the ability to include trust as a factor.

Rich
  "Geo"  wrote in message
news:4504d241{at}w3.nls.net...
  Yes, in cases of security I think the default should be to assume the
  user is an idiot and if not then they can prove it by googling to find
  out how to turn the option to the setting they want.

  The problem with prompting is that the prompt never gives enough
  information for the average home user to make an informed decision.

  Note, I'm not saying make it impossible like executable attachments in
  Outlook where you could only turn the blocking off if you had an exchange
  server, I'm saying just require that the user be intelligent enough to
  find the default settings and change them to their liking.

  A prompt that says "this is dangerous, are you sure?" is just asking
  for trouble.

  Geo.
    "Rich"  wrote in message news:450437bd{at}w3.nls.net...
       The default is to prompt.  Are you claiming the default should be
    to not give users a choice?

    Rich
      "Geo"  wrote in message news:4503c7eb{at}w3.nls.net...
      If some people always want to make the decision and others always
      want the computer to make the decision, then the checkbox should be for
      those two choices. They do this all the time in IE, deny, prompt, allow,
      I happen to think that's a great solution. The problem is which should be
      the default and with all the security issues I think deny should be for
      about 95% of the things.

      Geo.
        "Rich"  wrote in message news:4501a233{at}w3.nls.net...
           You can either give users a choice or not.  Someone will
        complain either way.  There is no single best answer.  In the scenarios
        where code signing applies, if the signature is valid it is intended for
        the user to make his own choices.  This is not a safe vs. unsafe choice
        where you might be able to excuse bias toward the safe option.

        Rich
          "Antti Kurenniemi"  wrote in message news:45019edc{at}w3.nls.net...
          I didn't mean that signing is not necessarily untrustworthy, I mean that
          implementing Yet Another Thingamajick Everyone Should Understand is *not* an
          improvement in security because who the hell can keep up with all these
          things? The more "security improvements" there are that require the end user
          to understand and make decisions, the less they help security. For example,
          take a look at the windows update website: if you have the IE download
          blocker enabled, the website displays very friendly and helpful information
          about how to disable it and download the file. Nice and helpful, yes? No, it
          totally and utterly sucks, because it requires the user to have a grasp of
          reality and understand *why* there is such a thing as a download blocker,
          and *why* this particular site should be allowed to bypass it, and so on. I
          bet more than half the users could be simply informed how to do the same and
          install any worm or virus in the world, as long as the website had as easy
          to follow information.

          The answer to security is not to require the user to make every choice,
          that's only shifting the problem from the producer to the consumer.


          Antti Kurenniemi
          (no, I don't know what *is* the answer, and even if I did I'm too drunk to
          write much more now)

          "Rich"  wrote in message news:4500ee78$1{at}w3.nls.net...
             No.  You look at the signing certificate to see if you trust both the
          signing party and the certification path.  If you do not, do not trust the
          signed entity.  If something is not signed, you don't have even this option.
          How do you choose what to trust?

             The average Joe relies on the identity of the signing party alone and
          assumes that the certification authorities that are not distrusted have been
          vetted.

             In practice, have you ever known this to be a problem with signed code?
          How much actual malware do you hear of that is signed?  I can't think of any
          that wasn't some PR stunt by someone that signed a demo which he released
          under his own name anyway.

          Rich

            "Antti Kurenniemi"  wrote in message
            news:450054c1{at}w3.nls.net...

            The concept of "signed" executables / activex / whatnot makes me want to
            slap someone every time I see it mentioned. Yeah, sure, it's signed - now
            what? Should I visit Redmond to ask someone if they really signed this, or
            if this is just a trick - a message box saying this executable is signed?
            The rate at which these new "improvements" keep popping up is such that no
            average Joe can ever really know if he's being fooled or if it really is
            legit...


            Antti Kurenniemi



--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
