Re: FWD:Shockwave security hole exposes e-mail (fwd)

Rohit Khare (khare@w3.org)
Thu, 27 Mar 1997 21:00:15 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: CobraBoy: "RE: HTTP vs IIOP"
Previous message: Joe Barrera: "RE: HTTP vs IIOP"
In reply to: Robert S. Thau: "FWD:Shockwave security hole exposes e-mail (fwd)"

> The only way I can see out of this in a code-signing framework would
> be for Macromedia to get a new certificate *and* somehow securely
> revoke the old one... does Authenticode provide for that?

Of course not, not until the annual certificate expires. There is no online
verification of certs at the current time. That's the price we pay
for offline services. Of course, offline services don't have to be quite
so pessimistic about revocation lists. Netscape is in no better shape with
their proposal AFAIK.

Next message: CobraBoy: "RE: HTTP vs IIOP"
Previous message: Joe Barrera: "RE: HTTP vs IIOP"
In reply to: Robert S. Thau: "FWD:Shockwave security hole exposes e-mail (fwd)"