[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sun speaks out - but not to the cypherpunks


In article <[email protected][]>,
Todd Glassey <[email protected]> wrote:
[ lines marked > > are from [email protected] (Dr. Frederick B. Cohen) ]
> Pardon the flame but I really have just about heard enough of this BS...
> >> The area where we can (must) build trust is the computing base.
> >> Traditionally, this has been the OS, but in the case of java, it is
> >> the java interpreter (such as netscape 2.0 and hotjava).  The browser
> >>  is now the TCB (trusted computer base) for all practical purposes...
> >
> >Read: The Java interpreter is supposed to be a TCB.
> >Who here truly believes that the implementations of Java meet the
> >requirements of a TCB?
> Dr. Fred, you seem to spend a lot of engery slamming Java and HotJava.
[ ... flame deleted ... ]

No, here I think Dr. Cohen's comments are right on the mark.

The Java interpreter *is* supposed to be a trusted computing base.
Do we have any reason to believe that this trust is well-placed?

(If you don't agree, go through the Orange Book evaluation criteria,
and pay special attention to the assurance sections...)
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

Version: 2.6.2
Comment: Gratis auto-signing service