Ian G <i...@iang.org> writes: >Microsoft have a big interest in bypassing the status quo, and they've tried >several times. But each time it isn't for the benefit of the users, more for >their own benefit, in that they've tried to rebuild the security >infrastructure with themselves in control. (recall .net, InfoCard, Brands' >patents, etc.)
Actually they do have one thing they've done that no other browser has, they have, as of IE9, a single mechanism that goes beyond "has a certificate -> good, no certificate -> bad" that all the other browsers use, which is their SmartScreen reputation-based handling of executable downloads (not to be confused with the mostly pointless blacklisting mechanism, which confusingly is also called SmartScreen). Unfortunately all the figures they give for its effectiveness are yes-biased (what's in the other three sectors of the contingency table?), and so far there hasn't been any rigorous assessment of its effectiveness, but they are the only browser vendor that's even made an effort to look beyond the cert/no cert boolean option. (In addition, Infocard was an attempt at building a better auth.infrastructure, not necessarily motivated by owning the market. The problem there was that it was sold as Microsoft Infocard, if they'd called it OpenSomethingorother, say "OpenID", then no-one would have had a problem with it). Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography