Mindshare and Java
Rich Graves
llurch at networking.stanford.edu
Sun Apr 28 02:43:27 PDT 1996
On Sat, 27 Apr 1996, Simon Spero wrote:
> On Sat, 27 Apr 1996, Rich Graves wrote:
>
> > I think it would be a waste of time to build a multitiered security model
> > where applets with certain classes of signatures would be allowed to do
> > more. But signatures are still useful in a flat security model.
>
> Can you explain a bit more about why you think a multitiered model is not
> useful? I thought the general rule of thumb was to execute code with the
> minimum privileges necessary- are you advocating a single all-or-nothing
> approach?
Er, yes, I see I misspoke again. (Speaking well outside my areas of
technical expertise tends towards the manifestation of such gaffes, so I'd
be perfectly happy just to shut up if y'all would stop asking me direct
questions.)
To the extent I have any clue what I mean myself, my position is that the
privileges accorded to a particular bit of untrusted code should not be
derived automatically from the signature on said code.
-rich
More information about the cypherpunks-legacy
mailing list