Re: Applet security (was Re: ActiveX security hole reported).

To: Alireza Bahreman <bahreman@eit.com">bahreman@eit.com>, www-security@ns2.rutgers.edu
Subject: Re: Applet security (was Re: ActiveX security hole reported).
From: Paul Rarey <Paul.Rarey@Clorox.com>
Date: Fri, 30 Aug 1996 10:04:50 -0700
In-Reply-To: Alireza Bahreman <bahreman@eit.com> "Re: Applet security (was Re: ActiveX security hole reported)." (Aug 30, 9:38)
References: <2.2.32.19960830163833.0074f0f0@pop.eit.com>
Reply-To: Paul Rarey <Paul.Rarey@Clorox.com>

On Aug 30,  9:38, Alireza Bahreman wrote:
> Subject: Re: Applet security (was Re: ActiveX security hole reported).
>1) The class file is extended to include the object signature block.  No other 
>   enveloping mechanis is used.  See http://eco.eit.com/solidoak/

Understood - I lean toward a MIME based mechanism though....

>2) Actually, it is based on RFC-1847 and nothing prevents S/MIME being used to 
>   provide the MIME security.  If you are interested, please view:
>        http://eco.eit.com/mapplet/

:-) I would prefer a complete 1847 or MOSS over S/MIME which doens't do 
multipart/encrypted.

>3) You are right.  Using SSL requires trust in the server AND that no one has 
>   managed to spoof the server using man in the middle kind of an attack.

:-) Read my msgref again, ment to say "in"complete. You seem to'v got the drift 
though.

Cheers!
[ psr ]

References:

Re: Applet security (was Re: ActiveX security hole reported).

From: Alireza Bahreman <bahreman@eit.com>

From:

Previous: Re: Applet security (was Re: ActiveX security hole reported).
Index(es):
- Index
- Thread