[Previous] [Next] [Index]
[Thread]
Re:
(Pre-Note: I got this information verbally. I have no written documentation
on it at all. None. Zilch. If I'm wrong, sorry. But I believe I'm right (of
course).)
At the WWW conference in Boston (4th Int'l Conference), Microsoft announced
(I believe they may have announced it prior to this conference, but *I*
hadn't heard about it) that they will be "authenticating" Java scripts with
some kind of "seal of approval". The idea is that they'll guarantee (for a
certain sum of $) that the script has passed all virus checks,
damage-to-whatever checks, etc. available at the time of approval. This may
solve the problem of accountability -- Microsoft will be accepting the
liability for suit based on a particular script.
Of course, this also means, in the future, that (since Microsoft will be the
first to make a site of this nature, and will naturally have the most $ to
back up their claim of reliability) if we do go to a machine which is based
entirely on Java, Microsoft will know every single thing you do -- imagine:
You download your word processor program. The browser sees that Microsoft
has "verified" this program and asks Microsoft to validate a checksum of
some kind. Microsoft now knows who you are (or at least where you are) and
what program you're running. Gee, how convenient ;)
As with any situation involving CA's, the solution is to have lots of CA's,
which creates problems of its own.
Just some thoughts and reports on the state of the universe.
later
DAT
>More importantly, users WON'T turn off Java. Animation and "cool
>graphics" are all part of the WWW addiction. The answer is not
>going to be found in telling users "don't do anything risky". We
>need to engineer systems that help assure accountability. We then
>need laws that hold people accountable. (I'm thinking of the
>digital signatures on Telescript scripts that (theoretically) ID
>the source (and verify the integrity) of the script. The script
>won't run unless verified and the source identified as trustworthy.
>Then, of course, the laws come into effect.... if the Trojan Horse
>was planted in such a way that the "source" didn't realize what
>was being "signed".... and who decides what "trustworthy" means....
>and who can sue who for how much.... and this requires a lot of
>legal groundwork that has yet to be started.)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Daniel A. Turner President, Turner Consulting Group |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| 2830 Calvert Street, N.W., Suite 2000; Washington, D.C. 20008 |
| Computer jacks-of-all-trades, specializing in Internet/WWW apps. |
| 202-986-5533(V) 202-986-5532(F) tcg@us.net(E) |
+++++++++++++++++++++++++++++++++++++++++++++++"Yes, it can be done"++