Re: How to fix broken security in Windows 2000?

From: Shannon Jacobs (shanen_at_my-deja.com)
Date: 02/08/05


Date: Tue, 8 Feb 2005 11:13:11 +0900

There are a number of technical flaws in your (Karl Levinson, mvp [And why
do you want to disguise your identity now with the cute bracket trick? Have
you suddenly become ashamed of your name?]) response. For a trivial example,
I qualified my statement about the certificate chains fairly carefully
because in the real world there are several public key algorithms, various
implementations, and a variety of possible steps involved in importing
security certificates. Of course, Microsoft can, to a great degree, ignore
the real world and define things more narrowly--but you are the one who is
apparently claiming expertise in the "Microsoft way" of security. However,
if you study Microsoft's "support" pages as carefully as you claim, then you
would notice a number of points that do suggest their security certificates
do use chaining and that there are sequence dependencies, and therefore I
could not word my statement in more absolute terms.

From an actual security expert (found elsewhere), I have actually been
informed that the certificate problems with W2K are fairly well known--and
actually started as long ago as SP1. We are still discussing the situation,
but he thinks the situation is broken beyond repair. However, if we do find
a solution, it would be amusing to circulate it and let it trickle back to
Microsoft.

Now that I've considered the technical aspects, why don't you (Karl
Levinson, mvp) answer the question you must be able to answer. My motivation
for posting is simply that I've discovered a problem and would like to find
a solution. Since you are clearly unable to provide the solution, what is
your motivation in posting? Right now the application of Occam's Razor that
seems to make the most sense is that you are really someone who dislikes
Microsoft and you are trying to make Microsoft look bad. If so,
congratulations on your subtlety.

mvp wrote:
> "Shannon Jacobs" wrote:
>
>> newsgroups, I had already spent quite a bit of time trying to do it
>> the "Microsoft way", and found out that I was apparently wasting my
>> time.
>
> Naturally there's a chance all the various eight steps in the article
> may not fix your problem. It's still necessary to try them [again]
> and report back what happened.
>
> I don't believe you really tried those steps, or didn't try them the
> right way, or tried step 1 on one computer and step 8 on a different
> computer, or you got some error message when trying these steps
> several months ago that we need to know about. Just saying "tried
> it, didn't fix my problem" is NOT enough information. But then you
> knew that already, because you are an experienced tech support person.
>
>> make progress by that path, there would need to be some way to
>> establish a relationship between a file and the security certificate
>> it requires.
>
> Not correct. There's no such thing as an association between a cert
> and a signed file, the association is in the file itself. The
> article I posted does tell you about many of the other dependencies
> that have nothing to do with certificates or files.
>
>> I really am curious why you (Karl Levinson, mvp) persist in
>> blath^H^H^H^H^H commenting about a technical topic you know so
>> little about.
>
>> import all of them? (Actually, I suspect that approach would
>> actually fail unless they were imported in the proper order.)
>
> You are again incorrect about how PKI works. If you're going to
> baselessly claim that I know nothing about PKI certificates in
> Windows, you should avoid making multiple inaccurate statements
> yourself in the same post.
>
>> relationship between a file and the security certificate it
>> requires. I can definitely say that the specific security
>> certificates listed in that article (and in several others) are
>> already present and therefore do NOT solve the problems on at least
>> one machine.
>
> You should have said that before. So now we know you looked and made
> sure all the certificates are there.
>
>> the same time. Still, I do have the impression that the problem is
>> not absolutely uniform, but that some machines are missing more
>> certificates than others.
>
> Oops. I thought you said all the certificates were there? Which
> ones are missing? How do you expect the machines missing
> certificates to ever work? Besides, just two days ago you said the
> problem was "How can missing security certificates be identified and
> replaced?"
>
> I still don't believe you've checked to see what certificates are
> missing, and the other 7 steps, etc. Ignore all the certificates
> there. Only look at the three or so mentioned in the article.
> Counting total number of certs or looking at all the other certs is
> irrelevant.


