[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: REM_ote

To: [email protected]
Subject: Re: REM_ote
From: Alex Strasheim <[email protected]>
Date: Sat, 24 Feb 1996 14:31:49 -0600 (CST)
In-Reply-To: <[email protected]> from "Adam Shostack" at Feb 24, 96 02:42:22 pm
Sender: [email protected]

> 	Until there's security oriented configurability, I can't say
> Netscape has anything better than an acceptable record.  They do a
> decent job of fixing the bugs, but only if you can enfore deployment
> of a new version, and ensure that old, bad features are not used.

I guess that I have confidence in Netscape because they have a history of 
responding to concerns posted here and elsewhere.  Security oriented 
configurability will be a good test -- I would be surprised if it doesn't 
come out soon.

What are we talking about specifically when we talk about security
oriented configurability?  Rather than just turning java(script) on and
off, wouldn't it be useful to piggyback off of the X.509 system that's
already in place?

For every CA's or server's cert, they'd just have to add two checkboxes:  
whether or not to run java applets or javascript code from servers 
vouched for by those certs.  Is that what people mean when they talk 
about configurability, or just the ability to shut down java*script) all 
together?

References:
- Re: REM_ote
  - From: Adam Shostack <[email protected]>

Prev by Date: Re: Conference report - resolving security workshop
Next by Date: Re: [Off topic] Re: Easy Nuclear Detonator
Prev by thread: Re: REM_ote
Next by thread: Re: REM_ote
Index(es):
- Date
- Thread