[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: once again

To: [email protected], [email protected]
Subject: Re: once again
From: [email protected] (Bill Frantz)
Date: Tue, 30 Apr 1996 23:44:35 -0700
Sender: [email protected]

At  2:02 PM 4/30/96 -0400, Perry E. Metzger wrote:
>I fully understand that Java is a general programming language and can
>do I/O. However, "Safe" Java subsets, like the ones used for writing
>applets or presumably the ones that would be needed for markets in CPU
>cycles, do not do i/o. One could add i/o to the suite, but that would
>be dangerous.

If I were as worried about Java security as Perry is, I would still
consider running Java (or C or C++) programs as part of certain markets in
CPU cycles because I would trust their source.  (IMHO, much better than
trusting every web page I access.)

A single example.  I could see a network-wide factoring attack on the key
NSA uses to GAK the extra bits in Lotus Notes.  Such an effort would run a
single program, which would be available in source.  Depending on the
details, I could either compile the program locally, or down load a signed
copy of the object code/class file.  The same argument applies to rendering
e.g. Toy Story.

This restriction does not provide for CPU cycle markets in arbitrary
programs, but I think that a significant market could still develop under
this limit.

------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA

Prev by Date: Re: no-cost DH?
Next by Date: Re: ITARs and the Export of Classes and Methods
Prev by thread: once again
Next by thread: ITARs and the Export of Classes and Methods
Index(es):
- Date
- Thread