Java & signed applets

Bill Frantz frantz at netcom.com
Fri May 17 18:44:00 PDT 1996


At  8:02 AM 5/16/96 -0700, Lyal Collins wrote:
>Signing anything is somewhat a waste of time, unless the verification
>software is highly trusted, and there is good integrity/authenticity
>control of the root public key(s).
>So, in general - ho hum - until trusted hardware is available on the 
>desktop.

A bootable CD-ROM from a reliable source to verify signatures would be much
safer than no signatures at all.  Even just running the signature
verification program from CD-ROM would make an attacker's problem more
difficult.

BTW - The problem is not trusted hardware.  It is software that can isolate
untrusted programs and protect itself.  Anything with an A or B NCSC
security rating would certainly be attractive.  Trusted signature
verification hardware accessed by a compromised system can't be trusted. 
(How do you know what was given to the hardware to be verified?  How do you
know that the answer came from the hardware?)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA
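
The two questions in the message above (what was given to the hardware, and whether the answer came from it) can be shown with a small model; this is an added example, not part of the original post. All class and function names are hypothetical, the sample programs are constructed, and an HMAC stands in for a public-key signature so the code needs only the standard library.

```python
import hashlib
import hmac

# Assumption: HMAC under a key shared by signer and device stands in for a
# real public-key signature. The key and sample programs are constructed.
SIGNER_KEY = b"constructed-demo-key"

def sign(program: bytes) -> bytes:
    return hmac.new(SIGNER_KEY, program, hashlib.sha256).digest()

class VerifierDevice:
    """Trusted hardware: always answers correctly about the bytes it is given."""
    def verify(self, program: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(sign(program), sig)

class HonestHost:
    """Uncompromised system: verifies exactly what it loads, obeys the answer."""
    def __init__(self, device):
        self.device = device
    def check_and_load(self, program, sig):
        ok = self.device.verify(program, sig)
        return ok, (program if ok else None)

class SubstitutingHost(HonestHost):
    """Compromised system: shows the device a validly signed decoy instead."""
    def __init__(self, device, decoy, decoy_sig):
        super().__init__(device)
        self.decoy, self.decoy_sig = decoy, decoy_sig
    def check_and_load(self, program, sig):
        ok = self.device.verify(self.decoy, self.decoy_sig)  # device is correct
        return ok, program                                   # but about other bytes

class ForgingHost(HonestHost):
    """Compromised system: never consults the device, just reports success."""
    def check_and_load(self, program, sig):
        return True, program

def run_demo():
    device = VerifierDevice()
    good, tampered = b"signed applet (constructed)", b"modified applet (constructed)"
    good_sig = sign(good)
    hosts = {
        "honest": HonestHost(device),
        "substituting": SubstitutingHost(device, good, good_sig),
        "forging": ForgingHost(device),
    }
    # Each host is asked to load the tampered program with the old signature.
    results = {}
    for name, host in hosts.items():
        reported_ok, loaded = host.check_and_load(tampered, good_sig)
        results[name] = (reported_ok, loaded == tampered)
    return results  # name -> (host reports "valid", tampered program loaded)

if __name__ == "__main__":
    print(run_demo())
```

The device gives a correct answer in every case; only the honest host's report reflects it.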








