From firewalls-gc Fri Jan 31 21:18:27 1997 From: Russ Date: Fri, 31 Jan 1997 21:18:27 +0000 To: firewalls-gc Subject: RE: [NTSEC] ActiveX, MSIE and Quicken X-MARC-Message: https://marc.info/?l=firewalls-gc&m=87619433410993 William Wells said... >I don't see anything in IE for Windows 3.1 where one can choose vendors. I >can warn on invalid certificates and I can change the list of places where >the certificate was issues from. This implies that any vendor registered in >one of the sites can write an ActiveX component and be valid; including >vendors which I may not want to accept components from. Since IE 3.0 for Windows 3.1 and Windows NT 3.51 doesn't implement automated downloads of ActiveX objects, and cannot do the dynamic binding of ActiveX objects, I'm surprised to hear that it gives you the ability to deal with Authenticode certificates. I think you might be seeing information about SSL certificates, but since I haven't touched a 16-bit implementation of IE ever, I'm not sure. >Incidentally, I used Microsoft in the above example since that is a company >that I know I've received components from. I have no idea if any other >company has managed to send me components; I haven't found a way that I can >tell. I'm pretty sure you are probably mistaken here, since that version of the OS/Browser cannot do automated downloads. > Cheers, > Russ > R.C. Consulting, Inc. - NT/Internet Security Consulting > "Why does Plug-n-Play so often turn into Unplug-n-Pay?"