There has been a lot of discussion on coderpunks about implementing cryptography in Java. This got me thinking. We don't see every C++ compiler using the same back end. So why is everyone licensing Sun's Java implementation? As a consequence of this if there is a bug in Sun's implementation, then that bug exists in every Java implementation. Imagine a future scenario
Why does everyone licensing Microsloth's MS-DOS implementation? If (If :) there's a bug in MS's implementation, then that bug . . . . It's done, it's available, it (mostly) works. I believe that there's a Mac version called Roaster for Macs that even came out before Sun had a Mac port.
where a virus/worm takes advantage of a single Java bug and infects 90% of all computers attached to the Internet overnight. There may not be much we can do about this, but we should at least be more aware of the possibility.
But when we get signed classes you'll at least know whom to go after if it does.
On a more positive note, has anyone thought of writting a remailer server or client in Java? It would be really nice if we could run or use a remailer by clicking a link on the web.
Client would be kinda difficult to do until there's a crypto lib available. Either that, or you'd have to load it from local disk so you could run PGP (the security model for applet hosts such as NS prevents exec'ing outside programs from code thats loaded from the network) which kinda defeats the purpose of doing it in Java (aside from a single cross platform front end). A server, being a stand alone app most likely, would be doable but again you'ld need a native PGP for the crypto. --- Fletch __`'/| fletch@ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------