From: Alex Strasheim <cp@proust.suba.com>
To: cypherpunks@toad.com
Message Hash: c35b90c1260365f83f178d7dbf0a43fed60b8f18c7b53184ffec29ae8f4c6375
Message ID: <199602242031.OAA01806@proust.suba.com>
Reply To: <199602241942.OAA19580@homeport.org>
UTC Datetime: 1996-02-24 21:10:06 UTC
Raw Date: Sun, 25 Feb 1996 05:10:06 +0800
From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 25 Feb 1996 05:10:06 +0800
To: cypherpunks@toad.com
Subject: Re: REM_ote
In-Reply-To: <199602241942.OAA19580@homeport.org>
Message-ID: <199602242031.OAA01806@proust.suba.com>
MIME-Version: 1.0
Content-Type: text
> Until there's security oriented configurability, I can't say
> Netscape has anything better than an acceptable record. They do a
> decent job of fixing the bugs, but only if you can enfore deployment
> of a new version, and ensure that old, bad features are not used.
I guess that I have confidence in Netscape because they have a history of
responding to concerns posted here and elsewhere. Security oriented
configurability will be a good test -- I would be surprised if it doesn't
come out soon.
What are we talking about specifically when we talk about security
oriented configurability? Rather than just turning java(script) on and
off, wouldn't it be useful to piggyback off of the X.509 system that's
already in place?
For every CA's or server's cert, they'd just have to add two checkboxes:
whether or not to run java applets or javascript code from servers
vouched for by those certs. Is that what people mean when they talk
about configurability, or just the ability to shut down java*script) all
together?
Return to February 1996
Return to “Phil Karlton <karlton@netscape.com>”