Firewall Wizards mailing list archives
Re: signed applets a solution --never!
From: Rachel Rosencrantz <rachel () predictive com>
Date: Sun, 14 Dec 1997 13:08:11 -0500 (EST)
Hal said:
When I received a signed applet with one popular browser based system a large, suitable-for-framing certificate appears across my screen so officious and grand in appearance as to resembles a 19th century peace treaty. The grander its appearance the truer its claim? It works for advertising so why not here? With all confidence games each mark gets to answer the simple question: allow access or not. Can you resist? Will your users?
I think the real usability/benefits of signed applets is _not_ going to be found when you let the users make the decision. A signed applet is not enough to guarantee an applet. (And who says users are going to care if something is signed. They'll probably set the option to autoaccept.) The reason I think that signed applets can be at all useful is if they can be filtered at the gateway to the internet point. Why? Well, whether I like it or not, there are companies who are now providing documentation over the web and requiring an applet to get at the documentation. This is probably not the only case where companies are going to provide things that are "vital" to the functioning of their customers over the web with an applet. As much as I might want to tell them, do it some way without active content, if the distribution method doesn't change, and the company thinks this is critical to operation, then the data must go through. At least with a signature you get a slightly better assurance that the app isn't a hack than if you just allow java from that site to come in. If you download a patch to the operating system relying on the digital signature or MD5 hash to verify the validity of the patch you really are doing the same thing, only there is no sandbox for that /bin/login patch that gets installed. -Rachel
Current thread:
- signed applets a solution --never! Hal (Dec 11)
- Re: signed applets a solution --never! Rachel Rosencrantz (Dec 14)