-----BEGIN PGP SIGNED MESSAGE----- In article <v02110101acaf51651ef9@[204.156.156.4]>, Todd Glassey <todd@lgt.com> wrote: [ lines marked > > are from fc@all.net (Dr. Frederick B. Cohen) ]
Pardon the flame but I really have just about heard enough of this BS... [...]
The area where we can (must) build trust is the computing base. Traditionally, this has been the OS, but in the case of java, it is the java interpreter (such as netscape 2.0 and hotjava). The browser is now the TCB (trusted computer base) for all practical purposes...
Read: The Java interpreter is supposed to be a TCB. [...] Who here truly believes that the implementations of Java meet the requirements of a TCB? [...] Dr. Fred, you seem to spend a lot of engery slamming Java and HotJava. [ ... flame deleted ... ]
No, here I think Dr. Cohen's comments are right on the mark. The Java interpreter *is* supposed to be a trusted computing base. Do we have any reason to believe that this trust is well-placed? (If you don't agree, go through the Orange Book evaluation criteria, and pay special attention to the assurance sections...) - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMIwG2CoZzwIn1bdtAQEpowGAgHiyk0tTQk5SO/3TR5EZRMFmUy/TjQmu NbYIt0R/Tf0g9xWbolm5XN0alu947uJs =UZH0 -----END PGP SIGNATURE-----