An attack on paypal --> secure UI for browsers
Joseph Ashwood
ashwood at msn.com
Tue Jun 10 19:20:27 PDT 2003
----- Original Message -----
From: "Anonymous" <rebleep at bleep.dynip.com>
Subject: Re: An attack on paypal --> secure UI for browsers
> In short, if Palladium comes with the ability to download site-specific
> DLLs that can act as NCAs
Ok what flavor of crack are you smoking? Because I can tell from here that's
some strong stuff. Downloading random DLLs that are given complete access to
private information is one of the worst concepts that anyone has ever come
up with, even if they are signed by a "trusted" source. Just look at the
horrifically long list of issues with ActiveX, even with WindowsXP (which
hasn't been around that long) you're already looking at more than half a
dozen, and IIRC win95 had about 50. This has less to do with "windows is
bad" than with "secure programming is hard." Arbitrarily trusting anyone to
write a secure program simply doesn't work, especially when it's something
sophisticated.
Now for the much more fundamental issue of your statement. Palladium will
never "download site-specific" anything. Palladium is a hardware technology,
not a web browser.
I will refrain from saying Paladium is a bad idea, simply because I see some
potentially very lucrative (for me) options for it's use.
Joe
More information about the cypherpunks-legacy
mailing list