From: mrm@netcom.com (Marianne Mueller)
Date: Sat, 30 Mar 1996 03:18:30 +0800
To: dmacfarlane@zip.sbi.com (David Macfarlane)
Subject: Re: WSJ on Big Java Flaw
In-Reply-To: <9603271351.AA18267@zip_master2.sbi.com>
Message-ID: <199603291255.EAA26954@netcom20.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


We are doing several things: 

1) continuing a "scrubbing" of the code, to look for holes so we
can fix them

2) listening (really) to all comments about the applet security model
and mechanisms - some people fault the model, others fault
the mechanisms, and I'm interested in all critical feedback and
find it helpful

3) continuing to be committed to source code releases to continue vetting
by internet community

4) working with others in the networking security community to 
design ways to expand the functionality allowed to applets in a secure way

5) working on mechanisms to support signed classes, so that people
will be able to authenticate downloaded code.  Granted
just because code is authenticated, that doesn't necessarily 
mean it's trusted

As technical info on those things is written down, we'll put it
on our web site for review and criticism - 

Marianne
JavaSoft, Sun Microsystems
mrm@eng.sun.com
mrm@netcom.com