Firewalls: RE: Java security

Firewalls
(July 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Java security
From:	"Paul D. Robertson" <proberts @ clark . net>
Date:	Tue, 30 Jul 1996 08:28:37 -0400 (EDT)
To:	Ray Kaplan <ray @ rayk . com>
Cc:	Firewalls @ GreatCircle . COM
In-reply-to:	<v01510114ae2378f7179d @ [199 . 86 . 33 . 226]>

On Tue, 30 Jul 1996, Ray Kaplan wrote:

> > Java Security? What security? You either trust the VM or you don't,

Java is bad, methinks active X may be worse.

> Indeed, however, considering that there is currently no authentication,
> this is almost a no op. Discounting bugs in the particular client VM,
> there is an open question: can you trust the applet itself.  Nope, not
> by definition.  Hop on over to one of the many "malicious" applet
> providing sites and see how well your netscape gets hammered (via Java
> and HTML) for a demonstration of this.  In my perfect world (which seems
> to be where Sun and other are going), you'd sign your applet and it's
> end user would make the decision to trust you (or not, as it were.)

I for one, don't find this to be a "perfect world".  It's bad enough
getting my users to understand how to select a secure password, and
that you shouldn't write it on a sticky note pasted to the monitor.  Now
I'm supposed to explain to them the variances of extending trust?  

> I've a model for "applet brokering" which includes the usual digital
> signatures for authentication / integrity, AND some other stuff that is
> pretty ugly.  Consider that you'll need *someone* to guarentee that the
> applet is safe *and* someone to ensure that the client won't allow abuse.
> A pretty big mess, me thinks.  Although, maybe we'll see a few more
> millionaires as companies are formed to tackle these tough jobs ;)
> 

Methinks "applet scanners" could become a buzzword.

> > Problem with malicious applets is, assuming
> > they are able to break out of the VM, that they can attack the hosts
> > you thought were secure, because they run from inside your Firewall.

Which menas they shouldn't be able to break out of the VM.  Not a simple
task, but certainly not unattainable.

> 
> Yep, but consider that this implies an interesting and very onerous
> (impossible?) responsibility for every PC on the net?  Whoooa.  Sounds

Worse, with signed applets and the like, it starts to place the
implementation of security policy on the end-user.  This is Not a Good
Thing [tm].

> of a chosen security policy.  And, finally, the really tough nut - it would
> be great if the policy could be mapped seamlessly into that of the security
> domain which provided the applet (for purposes of access control and
> authorization...)  IMHO, very few  firewalls even can do that stuff today.

This is starting to become essential.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts @
 clark .
 net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

Follow-Ups:

Re: Java security
From: Can Baysal <baysalc @ boun . edu . tr>

References:

RE: Java security
From: ray @ rayk . com (Ray Kaplan)

Indexed By Date	Previous:	Re: ICMP protection. From: Paul Ferguson <pferguso @ cisco . com>
Indexed By Date	Next:	Re: DESZIP From: shamrock @ netcom . com (Lucky Green)
Indexed By Thread	Previous:	RE: Java security From: ray @ rayk . com (Ray Kaplan)
Indexed By Thread	Next:	Re: Java security From: Can Baysal <baysalc @ boun . edu . tr>