[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mindshare and Java

To: [email protected]
Subject: Re: Mindshare and Java
From: "E. ALLEN SMITH" <[email protected]>
Date: Sun, 28 Apr 1996 18:27 EDT
Cc: [email protected]
Sender: [email protected]

From:	IN%"[email protected]"  "Simon Spero" 26-APR-1996 02:36:25.74

>In SolidOak, the verification is more or less free of charge, as it runs
>the signature code in a separate low priority thread, which often gets to
>complete during network induced latencies when fetching sub-classes, which
>can be initiated on class download before the code is instantiated.It also
>allows multiple classes to verified with just one PKOP, so the cpu cost 
>is amortised over a lot of stuff

	Umm... doesn't that allow code with a faked signature to be temporarily
trusted, long enough to possibly do some damage? For instance, in fetching
sub-classes, what is the code allowed to "know" in fetching them? Such
information could be sent out, including by what the code was requesting.
	Sorry if the above is not applicable; please explain why not, if so.
	-Allen

Prev by Date: Re: CryptoAnarchy: What's wrong with this picture?
Next by Date: Re: CryptoAnarchy: What's wrong with this picture?
Prev by thread: Re: Mindshare and Java
Next by thread: Re: Mindshare and Java
Index(es):
- Date
- Thread