From: Jon Crowcroft <J(_dot_)Crowcroft(_at_)cs(_dot_)ucl(_dot_)ac(_dot_)uk>
i'd prefer to see us develop a more 21st century solution
first, we should register mime types that we DO allow on a list
second, if someone must send an executable attachment , then we have a
signing server that signs the attachment as trustworthy - most of the
stupid atachments come from places who wouldnt be part of my trust
chain.....
It would be more of a 21st century something to have the IETF join
Microsoft in equating authentication (e.g. signing) with authorization
(e.g. who gets to run programs on your computers). However, "solution"
is not the best word for what it would be.
In other words, please consider how little you would need to adapt
http://www.cert.org/reports/activeX_report.pdf if you did such a thing.
In still other words, do you really think that I should automatically
be part of your trust chain?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com