[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: [NTSEC] ActiveX, MSIE and Quicken
From:       Russ <Russ.Cooper () RC ! on ! ca>
Date:       1997-01-31 21:18:27
[Download RAW message or body]

William Wells said...
>I don't see anything in IE for Windows 3.1 where one can choose
vendors. I
>can warn on invalid certificates and I can change the list of places
where
>the certificate was issues from. This implies that any vendor
registered in
>one of the sites can write an ActiveX component and be valid; including
>vendors which I may not want to accept components from.

Since IE 3.0 for Windows 3.1 and Windows NT 3.51 doesn't implement
automated downloads of ActiveX objects, and cannot do the dynamic
binding of ActiveX objects, I'm surprised to hear that it gives you the
ability to deal with Authenticode certificates. I think you might be
seeing information about SSL certificates, but since I haven't touched a
16-bit implementation of IE ever, I'm not sure.

>Incidentally, I used Microsoft in the above example since that is a
company
>that I know I've received components from. I have no idea if any other
>company has managed to send me components; I haven't found a way that I
can
>tell.

I'm pretty sure you are probably mistaken here, since that version of
the OS/Browser cannot do automated downloads.

> Cheers,
> Russ
> R.C. Consulting, Inc. - NT/Internet Security Consulting
> "Why does Plug-n-Play so often turn into Unplug-n-Pay?"

[prev in list] [next in list] [prev in thread] [next in thread]