From: “Perry E. Metzger” <perry@piermont.com>
To: stevenw@best.com (Steven Weller)
Message Hash: ae94192b40b5c7fc5a80fe13ea673c69cfee880abc3b98e928ee30cfdffdd8d0
Message ID: <199603250448.XAA29939@jekyll.piermont.com>
Reply To: <v01540b01ad7bc72800a7@[206.86.1.35]>
UTC Datetime: 1996-03-25 09:27:56 UTC
Raw Date: Mon, 25 Mar 1996 17:27:56 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 25 Mar 1996 17:27:56 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
In-Reply-To: <v01540b01ad7bc72800a7@[206.86.1.35]>
Message-ID: <199603250448.XAA29939@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
Steven Weller writes:
>
> Posted on RISKS:
>
> From: Ed Felten <felten@CS.Princeton.EDU>
>
> We have discovered another serious security flaw in the Java programming
> language,
There is only one way to fix Java -- which is to turn it off. The
hubris of the people who created it truly astounds me. After the
current flurry of obvious holes gets patched is the point when I'm
really going to worry, because thats when people are going to get
complacent until the one day when the big flaw is found by the good
guys, months after the bad guys found it.
Java security depends on
1) Perfect security model
2) Perfect implementation of the perfect security model
3) Nothing else in the surrounding system somehow undermining the
perfect implementation of the perfect security model.
I don't believe humans are perfect.
When you design a system on the basis that humans are imperfect, and
you cut out functionality until you can fully understand the system
(say, because the sources are down to a single page of C) and you try
to restrict the damage that any possible failure mode could provide,
you will still sometimes make mistakes, but at least they won't be too
bad or too frequent. When you build something large and complex, and
you require that the entire thing work for you to be secure, there are
just too many failure modes.
Perry
Return to March 1996
Return to “stevenw@best.com (Steven Weller)”