Re: Certificate / CPS issues
2003-06-10 17:04:20
Anthony,
I asked Christian for a reason. This appears to be relatively
new. It isn't clear, from either the article or his note, how
much of it is deployed already. It is linked, the article
says, to Win XP and not to IE -- there are different procedures,
it says, for IE under Win 2000, ME and earlier than are proposed
(apparently going forward) for XP. It strongly implies that, if
there are options to control this, they are (will be?) Windows
options, not (specifically) IE options (although IE might well
be able to access them). I don't have a copy of Win XP here,
much less one with this kit installed, so I have no idea whether
there is an easily-accessible option that permits turning "ask
me before installing a cert" on, or what information that
question provides. The article might lead a reasonable person
to believe that those things had been turned off, with no
options available to the casual user, in the interest of a good
user experience (something I can certainly make a case for, even
while preferring that they not do it to me). But, I don't
know, which is why I asked.
And, unless you are in a position to speak authoritatively for
Microsoft,...
regards,
john
--On Wednesday, 11 June, 2003 01:07 +0200 Anthony Atkielski
<anthony(_at_)atkielski(_dot_)com> wrote:
John writes:
Now, if I read this correctly, there is no
more choice ...
You read incorrectly. Default behavior is not mandatory
behavior.
Conversely, if I'm part of an enterprise that
issues its own certs for internal purposes, it
doesn't look as if I can make those certs usable
in the XP environment, since such internal
certs don't satisfy the "broad business value to Microsoft
platform customers" criterion and hence will not be accepted
by Microsoft for use in the specified environment.
You read incorrectly, again. You can add any certificates you
want to your machines. You just can't get Microsoft to make
them publicly available for distribution by MS without
convincing them that doing so is worthwhile for Microsoft,
which makes perfect sense.
I hope this is only part of the story, and that
user options to accept some certs (even if they are
not accepted by Microsoft) and reject others (even
if they are accepted by Microsoft) still
exist in some usable form.
They do. Look under Internet Options in Internet Explorer.
|
|