I recieved a copy of "Microsoft Interactive Developer" today in the mail. In it, it has a preview of Microsoft Explorer 3.0. (Flux by David Boling on page 120.) Of interest to Cypherpunks is this paragraph (in the section on OLE support in web browsers): "Since OLE controls could potentially pose a security problem, Microsoft is studying how to create an infrastructure to certify them. The idea is that, once certified, an OLE control would contain an RSA security signature indicating that it has passed muster -- the OLE eqivelent if the Good Housekeeping Seal of Approval! Users of Internet Explorer 3.0 could specify whether or not noncertified OLE controls should be loaded and executed by the browser." As a web developer, I have some problems with this scheme. Giving Microsoft access to virtually every OLE control on the Web does not make me more secure. Sounds like a way to rip off ideas from the rest of the development world. If someone has a control that might compete with a Microsoft product, it could be shelved and/or delayed for "further security testing". Java has a decentralized mechanism for security. No one group controls what is a "certified" control and what is not. You write the code and compile it and that is that. Furthermore, you are not stuck with Microsoft approved platforms. (I wonder if there will ever be a version of Explorer for the Mac.) I expect the Microsoft plan to garner a bit of resistance from the Web development community over this one... I do not expect to see many OLE crypto apps for the web with this plan. --- Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction `finger -l alano@teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon