From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Mon, 29 Apr 1996 12:45:35 +0800
To: ses@tipper.oit.unc.edu
Subject: Re: Mindshare and Java
Message-ID: <01I4326V6O0W8Y53B6@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"ses@tipper.oit.unc.edu"  "Simon Spero" 26-APR-1996 02:36:25.74

>In SolidOak, the verification is more or less free of charge, as it runs
>the signature code in a separate low priority thread, which often gets to
>complete during network induced latencies when fetching sub-classes, which
>can be initiated on class download before the code is instantiated.It also
>allows multiple classes to verified with just one PKOP, so the cpu cost 
>is amortised over a lot of stuff

	Umm... doesn't that allow code with a faked signature to be temporarily
trusted, long enough to possibly do some damage? For instance, in fetching
sub-classes, what is the code allowed to "know" in fetching them? Such
information could be sent out, including by what the code was requesting.
	Sorry if the above is not applicable; please explain why not, if so.
	-Allen