
Re: Java & signed applets



At  8:02 AM 5/16/96 -0700, Lyal Collins wrote:
>Signing anything is somewhat a waste of time, unless the verification
>software is highly trusted, and there is good integrity/authenticity
>control of the root public key(s).
>So, in general - ho hum - until trusted hardware is available on the
>desktop.

A bootable CD-ROM from a reliable source to verify signatures would be much
safer than no signatures at all.  Even just running the signature
verification program from CD-ROM would make an attacker's problem more
difficult.

BTW - The problem is not trusted hardware.  It is software that can isolate
untrusted programs and protect itself.  Anything with an A or B NCSC
security rating would certainly be attractive.  Trusted signature
verification hardware accessed by a compromised system can't be trusted. 
(How do you know what was given to the hardware to be verified?  How do you
know that the answer came from the hardware?)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA