[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and ScottSmith of Johns Hopkins)
Tue, 2 Jan 2001 20:39:53 -0800
From: Marc Stiegler <firstname.lastname@example.org>
> Lastly, I do hope everyone understands that the ability to "sign" applets
> and applications has nothing to do with security. Signing apps is what
> marketing people propose when technical people explain that real security is
> not possible; it allows the tool developer to blame the victim when an
> app engages in malicious action (hey, the victim authorized the app, didn't
> he? It's his own fault).
I guess I don't understand. When I accept something signed by, say, Microsoft,
then unless the key used to sign it was stolen and not revoked, I can
trust it as much as a CD-ROM I bought from Microsoft. While that may not be
enough security for some purposes or contexts, to me that is a lot more
security than if I run some unsigned code.
Maybe it would even be possible to successfully sue the signer of the app if
it engages in malicious action.