From: todd@lgt.com (Todd Glassey)
Date: Tue, 24 Oct 95 12:54:37 PDT
To: daw@lagos.CS.Berkeley.EDU (David A Wagner)
Subject: Re: Sun speaks out - but not to the cypherpunks
Message-ID: <v02110104acb2f2b8513a@[204.156.156.4]>
MIME-Version: 1.0
Content-Type: text/plain


>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <v02110101acaf51651ef9@[204.156.156.4]>,
>Todd Glassey <todd@lgt.com> wrote:
>[ lines marked > > are from fc@all.net (Dr. Frederick B. Cohen) ]
>> Pardon the flame but I really have just about heard enough of this BS...
>[...]
>> >> The area where we can (must) build trust is the computing base.
>> >> Traditionally, this has been the OS, but in the case of java, it is
>> >> the java interpreter (such as netscape 2.0 and hotjava).  The browser
>> >>  is now the TCB (trusted computer base) for all practical purposes...
>> >
>> >Read: The Java interpreter is supposed to be a TCB.
>[...]
>> >Who here truly believes that the implementations of Java meet the
>> >requirements of a TCB?
>[...]
>> Dr. Fred, you seem to spend a lot of engery slamming Java and HotJava.
>[ ... flame deleted ... ]
>
>
>No, here I think Dr. Cohen's comments are right on the mark.
>
>The Java interpreter *is* supposed to be a trusted computing base.
>Do we have any reason to believe that this trust is well-placed?
>
>(If you don't agree, go through the Orange Book evaluation criteria,
>and pay special attention to the assurance sections...)
>- ---
>[This message has been signed by an auto-signing service.  A valid signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Gratis auto-signing service
>
>iQBFAwUBMIwG2CoZzwIn1bdtAQEpowGAgHiyk0tTQk5SO/3TR5EZRMFmUy/TjQmu
>NbYIt0R/Tf0g9xWbolm5XN0alu947uJs
>=UZH0
>-----END PGP SIGNATURE-----


Sorry abopt the above flame-war I caused.

My point was almost benign in and of itself. Yes, the Java concept is
sound, No, the currently available implementation has some real
architectural considerations that must be addressed in order that we can
build a stable and secure platform atop it.

My real issue is that there is so much time spent on this list knocking the
individual spokes that make up this wheel we call Electronic Commerce, that
it is more and more costly to filter out the technology from the background
noise. Still because of the value of that technology, I and others are
forced to spend precious hours reviewing all that comes across our desks.

Bluntly being an active member of several Security and Payment Mechanism
working groups I view some 150+ pieces of email a day and sometimes get
frustrated by the amount of noise, or the roar in the background, about
what are to the largest percentage of us, meaningless dribble... Still
there is the occaisional golden nugget that makes it all worth while..

Again My apologies to have stirred up this mess. I will retreat under my
desktop from the mele' that seems to be unending.

Todd




Regards,

T. S. Glassey
Chief Technologist
Looking Glass Technologies
todd@lgt.com

(415) 324-4318


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQB1AwUBMFu5E6gNRnWhagU5AQHI+gL+Mwpcd3lAWd8FF06qcG6rnLhIYveHW71a
XC7xh1T0uu8qnYX31yMp17OG28jWpKUbWec1IM9/eXOi+gInA7rKICWczV8zo9Z0
0puxjRRN7yO4KfRb3cPpk+r0p6pDg01Y
=bTYb
-----END PGP SIGNATURE-----