From: IN%"ses@tipper.oit.unc.edu" "Simon Spero" 26-APR-1996 02:36:25.74

In SolidOak, the verification is more or less free of charge, as it runs the signature code in a separate low priority thread, which often gets to complete during network induced latencies when fetching sub-classes, which can be initiated on class download before the code is instantiated.It also allows multiple classes to verified with just one PKOP, so the cpu cost is amortised over a lot of stuff

Umm... doesn't that allow code with a faked signature to be temporarily trusted, long enough to possibly do some damage? For instance, in fetching sub-classes, what is the code allowed to "know" in fetching them? Such information could be sent out, including by what the code was requesting. Sorry if the above is not applicable; please explain why not, if so. -Allen