From: Rich Graves <llurch@networking.stanford.edu>
To: Simon Spero <ses@tipper.oit.unc.edu>
Message Hash: 47e4c40eca7643d3bae4fac63ababa0ef56702f611d6728462f2543ea331c6fd
Message ID: <Pine.GUL.3.93.960427212210.9901E-100000@Networking.Stanford.EDU>
Reply To: <Pine.SOL.3.91.960427210353.25084B-100000@chivalry>
UTC Datetime: 1996-04-28 09:43:27 UTC
Raw Date: Sun, 28 Apr 1996 17:43:27 +0800
From: Rich Graves <llurch@networking.stanford.edu>
Date: Sun, 28 Apr 1996 17:43:27 +0800
To: Simon Spero <ses@tipper.oit.unc.edu>
Subject: Re: Mindshare and Java
In-Reply-To: <Pine.SOL.3.91.960427210353.25084B-100000@chivalry>
Message-ID: <Pine.GUL.3.93.960427212210.9901E-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain
On Sat, 27 Apr 1996, Simon Spero wrote:
> On Sat, 27 Apr 1996, Rich Graves wrote:
>
> > I think it would be a waste of time to build a multitiered security model
> > where applets with certain classes of signatures would be allowed to do
> > more. But signatures are still useful in a flat security model.
>
> Can you explain a bit more about why you think a multitiered model is not
> useful? I thought the general rule of thumb was to execute code with the
> minimum privileges necessary- are you advocating a single all-or-nothing
> approach?
Er, yes, I see I misspoke again. (Speaking well outside my areas of
technical expertise tends towards the manifestation of such gaffes, so I'd
be perfectly happy just to shut up if y'all would stop asking me direct
questions.)
To the extent I have any clue what I mean myself, my position is that the
privileges accorded to a particular bit of untrusted code should not be
derived automatically from the signature on said code.
-rich
Return to April 1996
Return to ““Vladimir Z. Nuri” <vznuri@netcom.com>”