On Tue, 30 Jul 1996, Ray Kaplan wrote:
> > Java Security? What security? You either trust the VM or you don't,
Java is bad, methinks active X may be worse.
> Indeed, however, considering that there is currently no authentication,
> this is almost a no op. Discounting bugs in the particular client VM,
> there is an open question: can you trust the applet itself. Nope, not
> by definition. Hop on over to one of the many "malicious" applet
> providing sites and see how well your netscape gets hammered (via Java
> and HTML) for a demonstration of this. In my perfect world (which seems
> to be where Sun and other are going), you'd sign your applet and it's
> end user would make the decision to trust you (or not, as it were.)
I for one, don't find this to be a "perfect world". It's bad enough
getting my users to understand how to select a secure password, and
that you shouldn't write it on a sticky note pasted to the monitor. Now
I'm supposed to explain to them the variances of extending trust?
> I've a model for "applet brokering" which includes the usual digital
> signatures for authentication / integrity, AND some other stuff that is
> pretty ugly. Consider that you'll need *someone* to guarentee that the
> applet is safe *and* someone to ensure that the client won't allow abuse.
> A pretty big mess, me thinks. Although, maybe we'll see a few more
> millionaires as companies are formed to tackle these tough jobs ;)
Methinks "applet scanners" could become a buzzword.
> > Problem with malicious applets is, assuming
> > they are able to break out of the VM, that they can attack the hosts
> > you thought were secure, because they run from inside your Firewall.
Which menas they shouldn't be able to break out of the VM. Not a simple
task, but certainly not unattainable.
> Yep, but consider that this implies an interesting and very onerous
> (impossible?) responsibility for every PC on the net? Whoooa. Sounds
Worse, with signed applets and the like, it starts to place the
implementation of security policy on the end-user. This is Not a Good
> of a chosen security policy. And, finally, the really tough nut - it would
> be great if the policy could be mapped seamlessly into that of the security
> domain which provided the applet (for purposes of access control and
> authorization...) IMHO, very few firewalls even can do that stuff today.
This is starting to become essential.
Paul D. Robertson "My statements in this message are personal opinions
net which may have no basis whatsoever in fact."