There are a few problems with the certificate system.
One is that levels are only used on the certificate end, i.e.:
Verisign has multiple levels of certificate authenticity but Windows doesn't actually care - they're all considered trusted.
The other is that certs are used for UAC and UAC is flawed. You have certs from sites that may not be that amazing/compromised and as soon as they're used the application gets full access. It's a bit silly.
I like the cert system and I would definitely use it in a security model but the implementation is kinda lame.