Mike McNally writes:
And so what happens when the Microsoft key is compromised? It might be hard to break by purely cryptographic means, but surely there are some people at Microsoft who aren't millionaires.
At 03:13 PM 10/9/96 -0500, Andrew Loewenstern wrote:
I ask: "Who Cares?" It is easy enough to distribute with the secure-non-GAK plug-in a patch for disabling the module authentication. Heck, you could even make an ActiveX applet that did it.
Better than disabling, would be to give the user the choice of whose signature to trust. Perhaps many users would prefer a crypto engine signed by Zimmerman, rather than Microsoft. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd@echeque.com