From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_11E1_01C6D4B7.CEC77680
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   The default is to prompt.  Are you claiming the default should be to =
not give users a choice?

Rich
  "Geo"  wrote in message
news:4503c7eb{at}w3.nls.net...
  If some people always want to make the decision and others always want =
the computer to make the decision, then the checkbox should be for those =
two choices. They do this all the time in IE, deny, prompt, allow, I =
happen to think that's a great solution. The problem is which should be =
the default and with all the security issues I think deny should be for =
about 95% of the things.

  Geo.
    "Rich"  wrote in message news:4501a233{at}w3.nls.net...
       You can either give users a choice or not.  Someone will complain =
either way.  There is no single best answer.  In the scenarios where = code
signing applies, if the signature is valid it is intended for the = user to
make his own choices.  This is not a safe vs. unsafe choice = where you
might be able to excuse bias toward the safe option.

    Rich
      "Antti Kurenniemi" 
wrote in message =
news:45019edc{at}w3.nls.net...
      I didn't mean that signing is not necessarily untrustworthy, I =
mean that=20
      implementing Yet Another Thingamajick Everyone Should Understand =
is *not* an=20
      improvement in security because who the hell can keep up with all =
these=20
      things? The more "security improvements" there are that require =
the end user=20
      to understand and make decisions, the less they help security. For =
example,=20
      take a look at the windows update website: if you have the IE =
download=20
      blocker enabled, the website displays very friendly and helpful =
information=20
      about how to disable it and download the file. Nice and helpful, =
yes? No, it=20
      totally and utterly sucks, because it requires the user to have a =
grasp of=20
      reality and understand *why* there is such a thing as a download =
blocker,=20
      and *why* this particular site should be allowed to bypass it, and =
so on. I=20
      bet more than half the users could be simply informed how to do =
the same and=20
      install any worm or virus in the world, as long as the website had =
as easy=20
      to follow information.

      The answer to security is not to require the user to make every =
choice,=20
      that's only shifting the problem from the producer to the =
consumer.


      Antti Kurenniemi
      (no, I don't know what *is* the answer, and even if I did I'm too =
drunk to=20
      write much more now)

      "Rich"  wrote in message news:4500ee78$1{at}w3.nls.net...
         No.  You look at the signing certificate to see if you trust =
both the=20
      signing party and the certification path.  If you do not, do not =
trust the=20
      signed entity.  If something is not signed, you don't have even =
this option.=20
      How do you choose what to trust?

         The average Joe relies on the identity of the signing party =
alone and=20
      assumes that the certification authorities that are not distrusted =
have been=20
      vetted.

         In practice, have you ever known this to be a problem with =
signed code?=20
      How much actual malware do you hear of that is signed?  I can't =
think of any=20
      that wasn't some PR stunt by someone that signed a demo which he =
released=20
      under his own name anyway.

      Rich

        "Antti Kurenniemi"  wrote in =
message=20
      news:450054c1{at}w3.nls.net...

        The concept of "signed" executables / activex / whatnot makes me =
want to
        slap someone every time I see it mentioned. Yeah, sure, it's =
signed - now
        what? Should I visit Redmond to ask someone if they really =
signed this, or
        if this is just a trick - a message box saying this executable =
is signed?
        The rate at which these new "improvements" keep popping up is =
such that no
        average Joe can ever really know if he's being fooled or if it =
really is
        legit...


        Antti Kurenniemi



------=_NextPart_000_11E1_01C6D4B7.CEC77680
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   The default is to =
prompt.  Are=20
you claiming the default should be to not give users a =
choice?
 
Rich

  "Geo" <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote=20
  in message news:4503c7eb{at}w3.nls.net...
  If some people always want to make =
the decision=20
  and others always want the computer to make the decision, then the =
checkbox=20
  should be for those two choices. They do this all the time in IE, =
deny,=20
  prompt, allow, I happen to think that's a great solution. The problem =
is which=20
  should be the default and with all the security issues I think deny =
should be=20
  for about 95% of the things.
   
  Geo.
  

    "Rich" <{at}> wrote in message news:4501a233{at}w3.nls.net...
       You
can either give =
users a choice=20
    or not.  Someone will complain either way.  There is no =
single=20
    best answer.  In the scenarios where code signing applies, if =
the=20
    signature is valid it is intended for the user to make his own=20
    choices.  This is not a safe vs. unsafe choice where you might =
be able=20
    to excuse bias toward the safe option.
     
    Rich
    
      "Antti Kurenniemi" <NOantti{at}SPAManttikPLEASE.com=">mailto:NOantti{at}SPAManttikPLEASE.com">NOantti{at}SPAManttikPLEASE.com=
>=20
      wrote in message news:45019edc{at}w3.nls.net...I
=

      didn't mean that signing is not necessarily untrustworthy, I mean =
that=20
      implementing Yet Another Thingamajick Everyone Should =
Understand is=20
      *not* an improvement in security because who the hell can keep =
up with=20
      all these things? The more "security
improvements" there are =
that=20
      require the end user to understand and make decisions, the =
less they=20
      help security. For example, take a look at the windows update =
website:=20
      if you have the IE download blocker enabled, the website =
displays very=20
      friendly and helpful information about how to disable it and =
download=20
      the file. Nice and helpful, yes? No, it totally and utterly =
sucks,=20
      because it requires the user to have a grasp of reality and =
understand=20
      *why* there is such a thing as a download blocker, and *why* =
this=20
      particular site should be allowed to bypass it, and so on. I =
bet more=20
      than half the users could be simply informed how to do the same =
and=20
      install any worm or virus in the world, as long as the website =
had as=20
      easy to follow information.The answer
to security is =
not to=20
      require the user to make every choice, that's only shifting =
the=20
      problem from the producer to the
consumer.Antti=20
      Kurenniemi(no, I don't know what *is* the answer, and even if =
I did=20
      I'm too drunk to write much more
now)"Rich" <{at}> =
wrote in=20
      message news:4500ee78$1{at}w3.nls.net...=
  =20
      No.  You look at the signing certificate to see if you trust =
both the=20
      signing party and the certification path.  If you do not, =
do not=20
      trust the signed entity.  If something is not signed, you =
don't=20
      have even this option. How do you choose what to=20
      trust?   The average Joe relies
on the identity =
of the=20
      signing party alone and assumes that the certification =
authorities=20
      that are not distrusted have been
vetted.   =
In=20
      practice, have you ever known this to be a problem with signed =
code?=20
      How much actual malware do you hear of that is signed?  I =
can't=20
      think of any that wasn't some PR stunt by someone that signed =
a demo=20
      which he released under his own name =
anyway.Rich =20
      "Antti Kurenniemi" <NOantti{at}SPAManttikPLEASE.com=">mailto:NOantti{at}SPAManttikPLEASE.com">NOantti{at}SPAManttikPLEASE.com=
>=20
      wrote in message news:450054c1{at}w3.nls.net...=
 =20
      The concept of "signed" executables / activex / whatnot makes me =
want=20
      to  slap someone every time I see it mentioned. Yeah, =
sure, it's=20
      signed - now  what? Should I visit Redmond to ask someone =
if they=20
      really signed this, or  if this is just a trick - a =
message box=20
      saying this executable is signed?  The rate at which =
these new=20
      "improvements" keep popping up is such that
no  average =
Joe can=20
      ever really know if he's being fooled or if it really is  =

      legit...  Antti=20
  =
Kurenniemi

------=_NextPart_000_11E1_01C6D4B7.CEC77680--

--- BBBS/NT v4.01 Flag-5