From: Bill Frantz <frantz@netcom.com>
To: cypherpunks@toad.com
Message Hash: 0ca8b34df4f55804b35abd0a70241f39c624ae76f60d7e00e86dd088a13f1438
Message ID: <v03007808af61c44c0915@[207.94.249.140]>
Reply To: <333AF0A6.6C81@sk.sympatico.ca>
UTC Datetime: 1997-03-28 20:48:33 UTC
Raw Date: Fri, 28 Mar 1997 12:48:33 -0800 (PST)
Subject: Re: Microsoft ammunition
>From Infoworld:
>
> March 24, 1997
>...
> If seamless, safe desktop access to remote files
> on the Internet is the goal, Microsoft is spinning
> its wheels. There is really only one way to
> provide these features without introducing a local
> security risk. You have to eliminate the
> possibility that anything you run can affect your
> local drives. Better still, get rid of your local
> drives.

The author misses the point. Whether your personal files are stored on a
local disk or on a server doesn't matter. What matters is whether random
downloaded code (again, Java or ActiveX doesn't matter) can use your
authority to read/modify those files. The ActiveX model of, "It's signed
by XYZ Corp. Of course it's safe." is so much bullshit.* The Java
approach of running untrusted code in a safe box is better, but doing it by
validating the safety of object code requires trusting a large complex
verifier.

* See Norm Hardy's paper, "The Confused Deputy", which I believe is still
available through the EROS page at the University of Pennsylvania.

-------------------------------------------------------------------------
Bill Frantz | Back from caving in Borneo.| Periwinkle -- Consulting
(408)356-8506 | Great caves. We mapped | 16345 Englewood Ave.
frantz@netcom.com | 25KM on the expedition. | Los Gatos, CA 95032, USA