RE: signed applets a solution --maybe!

[Hal <hal () mrj com>]

I pretty much agree with what you say.  Here's my problem: A web page comes into my system and with it three objects: 
one is java from xyz company another VB does commo and is from Microsoft and the third is, a very useful component from 
a company whose name reguires characters drawn from the international topography typeset.  (Their name has no latin 
letter equivalent, Japanese for example). Lets say they are all signed!   How do I know if its ok to load these 
objects? Answer --I don't and I can't.
Has risk been reduced? Yes, somewhat on the xyz and microsoft is (i guess) ok. But what about object three. I am now 
forced into "branding"  To play it safe I admit only objects authored by a well known institution  in other words, name 
brands. In the end perhaps that the best we can hope for.  (People now usually say something about letting the 
marketplace decide.)
-
As to the firewall vs distributed control I am not certain its clear who is going to win that arguement. There is a 
growing body of users who suspect the merits of a firewall. They are web users and firewalls get in their way because 
it prevents their arbitrarily using any port at any time.  An increasing number of web services ordinary and not so 
ordinary are feeding this trend. 

----------
From:   Rachel Rosencrantz[SMTP:rachel () predictive com]
Sent:   Sunday, December 14, 1997 1:08 PM
To:     hal () mrj com
Cc:     firewall-wizards () nfr net
Subject:        Re: signed applets a solution  --never!

Hal said:
> When I received a signed applet with one popular browser based system a 
> large, suitable-for-framing certificate appears across my screen so 
> officious and grand in appearance as to resembles a 19th century  peace 
> treaty. The grander its appearance the truer its claim?  It works for 
> advertising so why not here?   With all confidence games each mark gets to 
> answer the simple question: allow access or not. Can you resist? Will your 
> users?  

I think the real usability/benefits of signed applets is _not_
going to be found when you let the users make the decision.  A signed
applet is not enough to guarantee an applet.  (And who says users
are going to care if something is signed.  They'll probably set the
option to autoaccept.)  The reason I think that signed applets can
be at all useful is if they can be filtered at the gateway to
the internet point.

Why?  Well, whether I like it or not, there are companies who are 
now providing documentation over the web and requiring an applet
to get at the documentation.  This is probably not the only 
case where companies are going to provide things that are "vital"
to the functioning of their customers over the web with an applet.
As much as I might want to tell them, do it some way without active
content, if the distribution method doesn't change, and the company
thinks this is critical to operation, then the data must go through.
At least with a signature you get a slightly better assurance that
the app isn't a hack than if you just allow java from that site
to come in.  

If you download a patch to the operating system relying on the digital
signature or MD5 hash to verify the validity of the patch you really
are doing the same thing, only there is no sandbox for that /bin/login
patch that gets installed.  


-Rachel