[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and ScottSmith of Johns Hopkins)

Ken Kahn KenKahn@ToonTalk.com
Tue, 2 Jan 2001 20:39:53 -0800


From: Marc Stiegler <marcs@skyhunter.com>
>
> Lastly, I do hope everyone understands that the ability to "sign" applets
> and applications has nothing to do with security. Signing apps is what
> marketing people propose when technical people explain that real security is
> not possible; it allows the tool developer to blame the victim when a signed
> app engages in malicious action (hey, the victim authorized the app, didn't
> he? It's his own fault).
>

I guess I don't understand. When I accept something signed by say Microsoft,
then unless the key used to sign it was stolen and not revoked then I can
trust it as much as a CD-ROM I bought from Microsoft. While that may not be
enough security for some purposes or contexts, to me that is a lot more
security than if I run some unsigned code.

Maybe it would even be possible to successfully sue the signer of the app if
it engages in malicious action.

Best,

-ken