[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sun speaks out - but not to the cypherpunks
-----BEGIN PGP SIGNED MESSAGE-----
In article <[email protected][126.96.36.199]>,
Todd Glassey <[email protected]> wrote:
[ lines marked > > are from [email protected] (Dr. Frederick B. Cohen) ]
> Pardon the flame but I really have just about heard enough of this BS...
> >> The area where we can (must) build trust is the computing base.
> >> Traditionally, this has been the OS, but in the case of java, it is
> >> the java interpreter (such as netscape 2.0 and hotjava). The browser
> >> is now the TCB (trusted computer base) for all practical purposes...
> >Read: The Java interpreter is supposed to be a TCB.
> >Who here truly believes that the implementations of Java meet the
> >requirements of a TCB?
> Dr. Fred, you seem to spend a lot of engery slamming Java and HotJava.
[ ... flame deleted ... ]
No, here I think Dr. Cohen's comments are right on the mark.
The Java interpreter *is* supposed to be a trusted computing base.
Do we have any reason to believe that this trust is well-placed?
(If you don't agree, go through the Orange Book evaluation criteria,
and pay special attention to the assurance sections...)
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----