In-Reply-To: <Pine.BSO.4.33.0208031620550.8632-100000@moxie.thoughtcrime.org>

Given my background in cryptographic programming, it is difficult for me to imagine how the cause of this alleged vulnerability could be explained as programmer error or oversight. Yet I cannot fathom why MS would purposely skip such a basic step.

I am waiting to hear Microsoft's side of the story. Because it goes to a core issue of whether or not they themselves are trustworthy.

My car has airbags which protect me in a collision. Imagine if the manufacturer forgot to install them. What explanation is satisfactory in that circumstance?

A huge amount of infrastructure is managed remotely via SSL and IE these days. It just boggles the mind the extent to which the security integrity of that infrastructure is now under a cloud unknowing.