IE comes preloaded with about 34 root certificate authorities, and it is easy for the end user to add more, to add more in batches.
A colleague of mine just loaded a new root into IE, and pointed out that when one does this, the new root is apparently BY DEFAULT enabled for all purposes, including some interesting ones like "Digital Rights" and "Windows System Component Verification." I just tried this, and it appears to be the case. (But I haven't yet tried to see whether Windows will happily use my root for these OS-specific purposes....) --Sean -- Sean W. Smith, Ph.D. sws@cs.dartmouth.edu http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key) Department of Computer Science, Dartmouth College, Hanover NH USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com