-----BEGIN PGP SIGNED MESSAGE-----

In article <v02110101acaf51651ef9@[204.156.156.4]>, Todd Glassey <todd@lgt.com> wrote: [ lines marked > > are from fc@all.net (Dr. Frederick B. Cohen) ]

...

Pardon the flame but I really have just about heard enough of this BS... [...]

...

...

The area where we can (must) build trust is the computing base. Traditionally, this has been the OS, but in the case of java, it is the java interpreter (such as netscape 2.0 and hotjava). The browser is now the TCB (trusted computer base) for all practical purposes...

Read: The Java interpreter is supposed to be a TCB. [...] Who here truly believes that the implementations of Java meet the requirements of a TCB? [...] Dr. Fred, you seem to spend a lot of engery slamming Java and HotJava. [ ... flame deleted ... ]

No, here I think Dr. Cohen's comments are right on the mark.

The Java interpreter *is* supposed to be a trusted computing base. Do we have any reason to believe that this trust is well-placed?

(If you don't agree, go through the Orange Book evaluation criteria, and pay special attention to the assurance sections...) - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service

iQBFAwUBMIwG2CoZzwIn1bdtAQEpowGAgHiyk0tTQk5SO/3TR5EZRMFmUy/TjQmu NbYIt0R/Tf0g9xWbolm5XN0alu947uJs =UZH0 -----END PGP SIGNATURE-----

Sorry abopt the above flame-war I caused. My point was almost benign in and of itself. Yes, the Java concept is sound, No, the currently available implementation has some real architectural considerations that must be addressed in order that we can build a stable and secure platform atop it. My real issue is that there is so much time spent on this list knocking the individual spokes that make up this wheel we call Electronic Commerce, that it is more and more costly to filter out the technology from the background noise. Still because of the value of that technology, I and others are forced to spend precious hours reviewing all that comes across our desks. Bluntly being an active member of several Security and Payment Mechanism working groups I view some 150+ pieces of email a day and sometimes get frustrated by the amount of noise, or the roar in the background, about what are to the largest percentage of us, meaningless dribble... Still there is the occaisional golden nugget that makes it all worth while.. Again My apologies to have stirred up this mess. I will retreat under my desktop from the mele' that seems to be unending. Todd Regards, T. S. Glassey Chief Technologist Looking Glass Technologies todd@lgt.com (415) 324-4318 -----BEGIN PGP SIGNATURE----- Version: 2.6 iQB1AwUBMFu5E6gNRnWhagU5AQHI+gL+Mwpcd3lAWd8FF06qcG6rnLhIYveHW71a XC7xh1T0uu8qnYX31yMp17OG28jWpKUbWec1IM9/eXOi+gInA7rKICWczV8zo9Z0 0puxjRRN7yO4KfRb3cPpk+r0p6pDg01Y =bTYb -----END PGP SIGNATURE-----