Re: Certificate / CPS issues

2003-06-10 17:04:20
Anthony,

I asked Christian for a reason. This appears to be relatively new. It isn't clear, from either the article or his note, how much of it is deployed already. It is linked, the article says, to Win XP and not to IE -- there are different procedures, it says, for IE under Win 2000, ME and earlier than are proposed (apparently going forward) for XP. It strongly implies that, if there are options to control this, they are (will be?) Windows options, not (specifically) IE options (although IE might well be able to access them). I don't have a copy of Win XP here, much less one with this kit installed, so I have no idea whether there is an easily-accessible option that permits turning "ask me before installing a cert" on, or what information that question provides. The article might lead a reasonable person to believe that those things had been turned off, with no options available to the casual user, in the interest of a good user experience (something I can certainly make a case for, even while preferring that they not do it to me). But, I don't know, which is why I asked.

And, unless you are in a position to speak authoritatively for Microsoft,...

   regards,
      john


--On Wednesday, 11 June, 2003 01:07 +0200 Anthony Atkielski <anthony(_at_)atkielski(_dot_)com> wrote:

> John writes:
>
>> Now, if I read this correctly, there is no
>> more choice ...
>
> You read incorrectly.  Default behavior is not mandatory
> behavior.
>
>> Conversely, if I'm part of an enterprise that
>> issues its own certs for internal purposes, it
>> doesn't look as if I can make those certs usable
>> in the XP environment, since such internal
>> certs don't satisfy the "broad business value to Microsoft
>> platform customers" criterion and hence will not be accepted
>> by Microsoft for use in the specified environment.
>
> You read incorrectly, again.  You can add any certificates you
> want to your machines.  You just can't get Microsoft to make
> them publicly available for distribution by MS without
> convincing them that doing so is worthwhile for Microsoft,
> which makes perfect sense.
>
>> I hope this is only part of the story, and that
>> user options to accept some certs (even if they are
>> not accepted by Microsoft) and reject others (even
>> if they are accepted by Microsoft) still
>> exist in some usable form.
>
> They do.  Look under Internet Options in Internet Explorer.








