Firewall Wizards mailing list archives

signing applets a solution? Never!


From: Hal <hal () mrj com>
Date: Tue, 2 Dec 1997 10:38:09 -0500


We are seeing a big upswing in the use of applets of all kinds but we have almost no way to control them short of shutting the gate and we can't do that anymore. Some people say signing is the solution but I see real problems with that. One was mentioned by someone on this list a few days ago, namely hacking in to get at a company's signature. But I worry more about getting an applet, not signed by a well-known company which may have been potentially hacked, but rather from a company I've never heard of. A signature only provides authentication and integrity. It doesn't say a thing about reliability. Anyone with a few bucks and a BNL number can potentially get an authoring certificate. As it now stands, signed applets are seriously flawed and unsafe.

That aside, I am interested in separating good applets from bad ones at the firewall. Relying on the (flawed) applet signature schemes, is it possible to check signatures fast enough so that the firewall doesn't need a high end SGI box or special signature hardware? The alternative or decentralized approach (favored by the signed applet crowd) is to let each browser in a protected network make its own decision. Excuse me, but doesn't experience show that that's not real smart?

There are proposals (W3) incorporating something like the web of trust for an applet so you can at least see if the author is thought reliable by someone you trust to say so. But that leaves the second problem of speed.

These tasks may just be asking too much from a firewall.  



