At 7:10 PM 5/4/96, Blake Coverett wrote:

I was right in the first message... it is a reputation thing. We don't disagree on any of the fact here, just on their implications.

I see this from the point of view of the author of these native methods, cypherpunk still do write code sometimes. From that point of view where is the difference between calling my native code methods and calling the java.awt.*, or netscape.* methods that are native code? Yes, either can do anything they want, irregardless of the SecurityManager.

For J. Random User on the net, Sun/Netscape's reputations are fairly strong and mine is non-existent. For the corporate IS folks to whom I contract this situation is reversed. (Despite impressive IPOs I still get a lot of friction about 'programs downloaded from the net'.)

By the way, I think "reputation webs" may get one of their earliest uses in this situation, with applets or chunks of code being "vouched for" by testing or credentialling agencies, analogous to Good Housekeeping Seals and Underwriter's Laboratories. (This model applies to more than just Java applets, of course. To some extent, reviews of programs and testing of snippets of code has always involved this "reputation rating" process...I'm just suggesting it could be implemented in-line with the runtime environment....) While we often talk about the human example, where we want to do nifty things like rank and rate the postings of J. Random User by what others we trust (or don't trust) are saying, the fact is that most people are willing to see what J. Random User is writing and judge for themselves. Hence, reputation markets (what I'm calling "reputation webs," as with "webs of trust") have been slow to take off in human communication circles. (At least automated, that is.) For Java applets, once digital signatures are supported we have the possibility of automating the checking of who has said good things about the applets, who has said bad things, how much faith we place in these opinions, and so on. Almost a class hierarchy in itself (though mix-ins might be useful, as the hierarchy is not strictly single-inheritance, it seems). Thus, the "Wall Street Testing Agency," with various stringent policies about what applets can do and what they must not be allowed to do, may have ratings of applets, keeping even Perry happy. Someone at a Wall Street firm could then screen out applets based on these ratings. Others might have completely different criteria. (And the web could change dynamically, as the user's environment changed. For example, a PC used largely for games will likely have a different model of whom to trust than a workstation used for high finance. And one could imagine moving sensitive files to a removable disk, popping out this disk, and then altering the settings to reflect a lower perceived risk.) Virus checking is to some extent already in this model, with "well-regarded" virus checkers acting as a gatekeeper of sorts. One might even (hopefully!) be able to integrate this directly into one's programming environment. Maybe the "SecurityManager" class could be turned into a "ReputationManager" class, with today's "SecurityManager" being just one of many possible configurations (e.g., the one JavaSoft is recommending). And the NSA and NCSC might have their own "Orange Book" sorts of requirements. Let a thousand flowers bloom...but keep track of their reputations. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."