Re: What could have been done differently?
On Thu, Jan 30, 2003 at 10:39:17AM -0800, hino@ccrl.sj.nec.com said:
IIRC, MS's patches has been digitally signed by MS, and their patching system checks these sign silently. So, they will claim that compromised route info and/or DNS spoofing does not affect their correctness.
Though, I'm not sure what will happen in key revoking situation.
interesting side note ... top of the page right now at http://www.ntk.net details a similar problem facing MS in the UK currently. (Remember when they forgot to renew hotmail.com, and some kind Linux geek fixed it for them ... well, apparently their entry in the Data Protection Register (UK) expired January 8. This means all personal data held by them in the UK is now illegal (passport, anyone?) I wonder if something like this would be useful (or even possible) in the US, of if it would be just another opportunity for bureaucratic bungling ...)
Koji
-- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui
<shnipp Data Protection stuff> At least theoretically, the US *is* supposed to have a comparable system. European privacy law makes it illegal to transfer personal data of any kind to a country without a comparable system - the US has a voluntary "Safe Haven" scheme that is supposed to enable US companies to be able to receive personal data from europe without the board of directors of the sending company being arrested.... Mind you, none of this takes into account the web; based in the US, Passport isn't subject to english law (but then, most american courts assume Internet==American law anyhow)
participants (2)
-
Dave Howe
-
Scott Francis