[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Jonathan S. Shapiro shap@cs.jhu.edu
Wed, 03 Jan 2001 10:28:05 -0500


Ken Kahn wrote:
 
> I guess I don't understand. When I accept something signed by say Microsoft,
> then unless the key used to sign it was stolen and not revoked then I can
> trust it as much as a CD-ROM I bought from Microsoft.

Which is to say, not at all. You are trusting literally hundreds of
thousands of people who operate in the total absence of either an
assurance process or even (in most cases) an understanding of security
concerns.

> Maybe it would even be possible to successfully sue the signer of the app if
> it engages in malicious action.

Our congress critters stripped us of that in UCITA. Now that the
miserable dumb fuckers here in Maryland have ratified UCITA, I suspect
we are going to be stuck with it for a long time.


Jonathan