Joseph Ashwood writes:

Ok what flavor of crack are you smoking? Because I can tell from here that's some strong stuff. Downloading random DLLs that are given complete access to private information is one of the worst concepts that anyone has ever come up with, even if they are signed by a "trusted" source. Just look at the horrifically long list of issues with ActiveX, even with WindowsXP (which hasn't been around that long) you're already looking at more than half a dozen, and IIRC win95 had about 50. This has less to do with "windows is bad" than with "secure programming is hard." Arbitrarily trusting anyone to write a secure program simply doesn't work, especially when it's something sophisticated.

You clearly know virtually nothing about Palladium. NCAs do not have "complete access to private information". Quite the opposite. Rather, NCAs have the power to protect private information such that no other software on the machine can access it. They do so by using the Palladium software and hardware to encrypt the private data. The encryption is done in such a way that it is "sealed" to the particular NCA, and no other software is allowed to use the Palladium crypto hardware to decrypt it. In the proposed usage, an NCA associated with an ecommerce site would seal the data which is used by the user to authenticate to the remote site. The authentication data doesn't actually have to be a certificate with associated key, but that would be one possibility. Only NCAs signed by that ecommerce site's key would be able to unseal and access the user's authentication credentials. This prevents rogue software from stealing them and impersonating the user.

Now for the much more fundamental issue of your statement. Palladium will never "download site-specific" anything. Palladium is a hardware technology, not a web browser.

If you read the entire message it was clearly referring to a Palladium-enabled web browser. And Palladium is more than a hardware technology; it includes hardware and software components.

I will refrain from saying Paladium is a bad idea, simply because I see some potentially very lucrative (for me) options for it's use.

Fine, at least you admit you're a whore. But you'll probably do even better if you learn how it actually works. Seriously, have you read any of the documents linked from http://www.microsoft.com/resources/ngscb/?