Ed Felten has an article in RISKS Digest, Volume 18, Issue 83, http://catless.ncl.ac.uk/Risks/18.83.html called "Myths about digital signatures". It's focused on the "Microsoft Signed This ActiveX Applet So It Must Be Safe" delusion. Nothing we haven't heard before, but a good summary. He's also announcing a mailing list on security of Java/ActiveX/etc. =================================================== Mobile code security mailing list Edward Felten <felten@CS.Princeton.EDU> Wed, 19 Feb 1997 19:58:39 -0500 We are starting a moderated mailing list to discuss security issues relating to mobile code systems like Java, ActiveX, and JavaScript. To join, send e-mail to majordomo@cs.princeton.edu; your message body should contain the single line "subscribe secure-mobile-code" or if your desired TO: address is different from your FROM: address, "subscribe secure-mobile-code" (append your TO: address here) ================================================================== # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)