From: agermain@cmp.com (Germain Arthur)
Date: Wed, 25 Oct 95 06:31:46 PDT
To: todd@lgt.com (Todd Glassey)
Subject: RE: Sun speaks out - but not to the cyph
Message-ID: <1995Oct25.093124.1151.341080@smtpgate.cmp.com>
MIME-Version: 1.0
Content-Type: text/plain



I have unsubscribed from this mailing list. Please remove my name from   
your personal address lists. Thanks.

ahg3

 ----------
From:  Todd Glassey[SMTP:todd@lgt.com]
Sent:  Tuesday, October 24, 1995 12:52 PM
To:  David A Wagner
Cc:  cypherpunks
Subject:  Re: Sun speaks out - but not to the cypherpunks


>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <v02110101acaf51651ef9@[204.156.156.4]>,
>Todd Glassey <todd@lgt.com> wrote:
>[ lines marked > > are from fc@all.net (Dr. Frederick B. Cohen) ]
>> Pardon the flame but I really have just about heard enough of this   
BS...
>[...]
>> >> The area where we can (must) build trust is the computing base.
>> >> Traditionally, this has been the OS, but in the case of java, it is
>> >> the java interpreter (such as netscape 2.0 and hotjava).  The   
browser
>> >>  is now the TCB (trusted computer base) for all practical   
purposes...
>> >
>> >Read: The Java interpreter is supposed to be a TCB.
>[...]
>> >Who here truly believes that the implementations of Java meet the
>> >requirements of a TCB?
>[...]
>> Dr. Fred, you seem to spend a lot of engery slamming Java and HotJava.
>[ ... flame deleted ... ]
>
>
>No, here I think Dr. Cohen's comments are right on the mark.
>
>The Java interpreter *is* supposed to be a trusted computing base.
>Do we have any reason to believe that this trust is well-placed?
>
>(If you don't agree, go through the Orange Book evaluation criteria,
>and pay special attention to the assurance sections...)
>- ---
>[This message has been signed by an auto-signing service.  A valid   
signature
>means only that it has been received at the address corresponding to the
>signature and forwarded.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>Comment: Gratis auto-signing service
>
>iQBFAwUBMIwG2CoZzwIn1bdtAQEpowGAgHiyk0tTQk5SO/3TR5EZRMFmUy/TjQmu
>NbYIt0R/Tf0g9xWbolm5XN0alu947uJs
>=UZH0
>-----END PGP SIGNATURE-----


Sorry abopt the above flame-war I caused.

My point was almost benign in and of itself. Yes, the Java concept is
sound, No, the currently available implementation has some real
architectural considerations that must be addressed in order that we can
build a stable and secure platform atop it.

My real issue is that there is so much time spent on this list knocking   
the
individual spokes that make up this wheel we call Electronic Commerce,   
that
it is more and more costly to filter out the technology from the   
background
noise. Still because of the value of that technology, I and others are
forced to spend precious hours reviewing all that comes across our desks.

Bluntly being an active member of several Security and Payment Mechanism
working groups I view some 150+ pieces of email a day and sometimes get
frustrated by the amount of noise, or the roar in the background, about
what are to the largest percentage of us, meaningless dribble... Still
there is the occaisional golden nugget that makes it all worth while..

Again My apologies to have stirred up this mess. I will retreat under my
desktop from the mele' that seems to be unending.

Todd




Regards,

T. S. Glassey
Chief Technologist
Looking Glass Technologies
todd@lgt.com

(415) 324-4318


 -----BEGIN PGP SIGNATURE-----
Version: 2.6

iQB1AwUBMFu5E6gNRnWhagU5AQHI+gL+Mwpcd3lAWd8FF06qcG6rnLhIYveHW71a
XC7xh1T0uu8qnYX31yMp17OG28jWpKUbWec1IM9/eXOi+gInA7rKICWczV8zo9Z0
0puxjRRN7yO4KfRb3cPpk+r0p6pDg01Y
=bTYb
 -----END PGP SIGNATURE-----