Re: Java (was Netscape: the big win)

[cman@communities.com (Douglas Barnes)]

>So, what would be a "cypherpunk" thing you could do with Java?  I know
>I can use it to download little applets to my system to do animations.
>What can it do to enhance my privacy?  What would be the Java equivalent
>of PGP?
>

Portable PGP with a GUI interface that didn't suck?

Note that I'm championing the use of Java as a portable language,
with a portable windowing toolkit, that will (real soon now) have
commercial tool support from a variety of vendors, as well as free
tools available on the net (the best of both worlds.)

The whole issue of how to do cryptography with applets is kind of
complicated, and is something Amanda and I have been working on very
dilligently. They hard part is determining what the interface is
between trusted code (that you have installed on your machine, or
ultimately, that you've specifically designated as being trusted
based on secure hash) and untrusted code that comes from random
web sites on the net.

In general, for any general-purpose cryptography tool, you're going
to want almost all of it to be based on locally-installed, trusted
code. Certain protocols can actually work much better using applets,
but they should only be allowed to access a very narrow set of local
routines that directly interface with the user. (e.g. "Do you really want
to sign this?", "Confirmed signed by so-and-so.", etc.)

This is, however, a separate issue from the use of Java to do
standalone applications.

See: http://www.cs.utexas.edu/users/achou/JCrypt/packages.html