[E-Lang] E FAQ
Mark S. Miller
markm@caplet.com
Thu, 11 Oct 2001 19:12:54 -0700
At 07:02 PM 10/11/2001 Thursday, Jonathan S. Shapiro wrote:
>> Our argument with Java is not primarily about whether they achieve their
>> stated technical security objectives. It is about the choice of
>> objectives.
>
>To the extent that the Java security architecture makes design embeddings
>that facilitate such flaws (which it does), I am not sure I agree.
To that extent, fine. We should in fact have both arguments. I was trying
to say, perhaps badly, that of the two, the argument about objectives is
terribly more important. A simple design could also satisfy perimeter
security by itself: the OS without system calls. By its simplicity, it
would not facilitate flawed embeddings. We could have a level of confidence
in its security vastly greater than the confidence we'd ever achieve in an
OS in which processes can do anything. But our argument against it would be
the same. We're optimizing for something other than simply being "more
secure". We need better ways of saying what that is.
Cheers,
--MarkM