
Re: Sun speaks out - but not to the cypherpunks



-----BEGIN PGP SIGNED MESSAGE-----

In article <v02110101acaf51651ef9@[204.156.156.4]>,
Todd Glassey <[email protected]> wrote:
[ lines marked > > are from [email protected] (Dr. Frederick B. Cohen) ]
> Pardon the flame but I really have just about heard enough of this BS...
[...]
> >> The area where we can (must) build trust is the computing base.
> >> Traditionally, this has been the OS, but in the case of java, it is
> >> the java interpreter (such as netscape 2.0 and hotjava).  The browser
> >>  is now the TCB (trusted computer base) for all practical purposes...
> >
> >Read: The Java interpreter is supposed to be a TCB.
[...]
> >Who here truly believes that the implementations of Java meet the
> >requirements of a TCB?
[...]
> Dr. Fred, you seem to spend a lot of energy slamming Java and HotJava.
[ ... flame deleted ... ]


No, here I think Dr. Cohen's comments are right on the mark.

The Java interpreter *is* supposed to be a trusted computing base.
Do we have any reason to believe that this trust is well-placed?

(If you don't agree, go through the Orange Book evaluation criteria,
and pay special attention to the assurance sections...)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMIwG2CoZzwIn1bdtAQEpowGAgHiyk0tTQk5SO/3TR5EZRMFmUy/TjQmu
NbYIt0R/Tf0g9xWbolm5XN0alu947uJs
=UZH0
-----END PGP SIGNATURE-----