[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mindshare and Java



From:	IN%"[email protected]"  "Simon Spero" 26-APR-1996 02:36:25.74

>In SolidOak, the verification is more or less free of charge, as it runs
>the signature code in a separate low priority thread, which often gets to
>complete during network induced latencies when fetching sub-classes, which
>can be initiated on class download before the code is instantiated.It also
>allows multiple classes to verified with just one PKOP, so the cpu cost 
>is amortised over a lot of stuff

	Umm... doesn't that allow code with a faked signature to be temporarily
trusted, long enough to possibly do some damage? For instance, in fetching
sub-classes, what is the code allowed to "know" in fetching them? Such
information could be sent out, including by what the code was requesting.
	Sorry if the above is not applicable; please explain why not, if so.
	-Allen