Mindshare and Java

E. ALLEN SMITH EALLENSMITH at ocelot.Rutgers.EDU
Sun Apr 28 21:45:35 PDT 1996


From:	IN%"ses at tipper.oit.unc.edu"  "Simon Spero" 26-APR-1996 02:36:25.74

>In SolidOak, the verification is more or less free of charge, as it runs
>the signature code in a separate low priority thread, which often gets to
>complete during network induced latencies when fetching sub-classes, which
>can be initiated on class download before the code is instantiated.It also
>allows multiple classes to verified with just one PKOP, so the cpu cost 
>is amortised over a lot of stuff

	Umm... doesn't that allow code with a faked signature to be temporarily
trusted, long enough to possibly do some damage? For instance, in fetching
sub-classes, what is the code allowed to "know" in fetching them? Such
information could be sent out, including by what the code was requesting.
	Sorry if the above is not applicable; please explain why not, if so.
	-Allen






More information about the cypherpunks-legacy mailing list