
Re: Applet security (was Re: ActiveX security hole reported).



> From: Michael Burati <burati@apollo.hp.com>

> The above is too binary for me (either I trust everything that's signed or
> not).  What I really want is authorization based on who signed the applet
> or by anything signed by a particular CA.  Any unsigned applet should be
> relegated to working within the limited sandbox given to it by the browser.

Yeah, that's certainly what you want, and what most of us techie-types
want (or claim that we want).  But is it what the typical corporate
CIO wants, or should want?  Should individual users be making that
sort of fine-grained decision?  Should, for that matter, even
sysadmins be making that sort of fine-grained decision?  If we're
talking bet-the-company here, it would seem plausible to me that
a typical corporate installation would want to keep untrusted apps
from doing anything at all, and (for reasons of convenience) would
want to allow trusted apps to do many/most things.  At least, that's
what the scenario is based on.

Certainly the kind of thing you suggest is one of the things
that would inhibit this scenario.  *If* there are enough people
out there calling for finer-grained access control, it'll
probably get implemented.  Then *if* it actually works, and
enough people start to use it, it might become the norm.

On the other hand, the very-coarse-grained and simpleminded
applet-control systems that we have now are already complex
enough that they seem rather bug-ridden.  A system offering
more fine-grained and selective access control is likely to
be even buggier, and of course now you'll also be able to
accidentally misconfigure it (and most people who bother to
change the defaults will in fact do so).

I'm not claiming I entirely believe this particular scenario,
but it's kinda fun to defend...   *8)

(P.S. Forgive me if I misinterpreted your posting; I wasn't
suggesting that people would trust all and only those things
that were signed by *anyone*.  This particular scenario calls
for people to trust all and only those things that are signed
by one of some short-list of principals, probably including
existing major software producers.)

- -- -
David M. Chess                    /   ROT13 is my radio station!   /
High Integrity Computing Lab
IBM Watson Research
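The two models argued over in this exchange (a binary "signed means trusted" rule versus authorization keyed on the signer or the signer's CA, with unsigned code confined to the sandbox) can be put side by side in a few lines. The following is an added example written for this archive page; it is not code from either poster or from any browser of the period. It assumes that signature verification has already happened somewhere else and that what the policy receives is a list of `(signer, issuing_ca)` pairs that verified correctly; the permission names, the vendor and CA names, and the `lint` ceiling are all constructed for illustration.

```python
"""Signer-keyed applet authorization, side by side with the binary rule.

Added example; the permission names, vendor/CA names and the CA ceiling
below are constructed for illustration. Signature verification is assumed
to have been done already: each entry in `signatures` is a (signer, ca)
pair that checked out cryptographically.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

Signature = Tuple[str, str]  # (signer name, issuing CA name); constructed shape

# What an unsigned applet gets: the browser sandbox and nothing more.
SANDBOX: FrozenSet[str] = frozenset({"ui:draw", "net:origin-host"})
# What the binary model hands to anything that carries a valid signature.
FULL: FrozenSet[str] = SANDBOX | {"fs:read", "fs:write", "net:any", "exec"}
# Constructed ceiling for CA-wide rules: a rule that trusts "anything signed
# under this CA" should never hand out more than this, or a single mis-issued
# certificate turns the whole CA into a full-access key.
CA_CEILING: FrozenSet[str] = SANDBOX | {"fs:read"}


def binary_grant(signatures: List[Signature]) -> FrozenSet[str]:
    """The model the quoted post calls 'too binary': signed -> everything."""
    return FULL if signatures else SANDBOX


@dataclass
class Policy:
    """Fine-grained model: rights keyed on a named signer, or on its CA."""
    by_signer: Dict[str, FrozenSet[str]] = field(default_factory=dict)
    by_ca: Dict[str, FrozenSet[str]] = field(default_factory=dict)

    def grant(self, signatures: List[Signature]) -> FrozenSet[str]:
        # Fail closed: start from the sandbox and only add what a rule grants.
        granted = set(SANDBOX)
        for signer, ca in signatures:
            if signer in self.by_signer:          # a specific principal we listed
                granted |= self.by_signer[signer]
            elif ca in self.by_ca:                # anything issued by a listed CA
                granted |= self.by_ca[ca]
            # unknown signer under an unknown CA: valid signature, no extra rights
        return frozenset(granted)

    def lint(self) -> List[str]:
        """Catch the misconfiguration the reply worries about: a CA-wide rule
        that quietly grants more than the constructed CA ceiling allows."""
        warnings = []
        for ca, perms in self.by_ca.items():
            excess = perms - CA_CEILING
            if excess:
                warnings.append(f"CA rule for {ca!r} exceeds ceiling: {sorted(excess)}")
        for name in list(self.by_signer) + list(self.by_ca):
            if not name.strip():
                warnings.append("rule keyed on an empty principal name matches nothing safely")
        return warnings


def example_policy() -> Policy:
    """A short-list policy of the kind the P.S. describes (constructed names)."""
    return Policy(
        by_signer={"Example Software Co": FULL},
        by_ca={"Example Root CA": SANDBOX | {"fs:read"}},
    )


if __name__ == "__main__":
    pol = example_policy()
    cases = {
        "unsigned": [],
        "known vendor": [("Example Software Co", "Example Root CA")],
        "unknown vendor, trusted CA": [("Unknown Vendor", "Example Root CA")],
        "unknown vendor, unknown CA": [("Unknown Vendor", "Some Other CA")],
    }
    for label, sigs in cases.items():
        print(f"{label:28s} binary={sorted(binary_grant(sigs))}")
        print(f"{'':28s} keyed ={sorted(pol.grant(sigs))}")
    print("lint:", pol.lint())
```

The last case is the one that separates the two models: a valid signature from a vendor nobody listed, under a CA nobody listed, gets everything under the binary rule and only the sandbox under the signer-keyed one. `lint` is there for the reply's other point, that a richer policy is something people will misconfigure; it flags a CA-wide rule that grants beyond the constructed ceiling before the policy is ever consulted.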