1996-05-18 - Re: Java & signed applets

Header Data

From: frantz@netcom.com (Bill Frantz)
To: Lyal Collins <EALLENSMITH@ocelot.Rutgers.EDU>
Message Hash: 90799ff3bf4ae194e60d1d3aabcb53a9316be1b25054b0fd49cc17ca53797cea
Message ID: <199605160556.WAA22587@netcom8.netcom.com>
Reply To: N/A
UTC Datetime: 1996-05-18 01:44:00 UTC
Raw Date: Sat, 18 May 1996 09:44:00 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Sat, 18 May 1996 09:44:00 +0800
To: Lyal Collins <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: Java & signed applets
Message-ID: <199605160556.WAA22587@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:02 AM 5/16/96 -0700, Lyal Collins wrote:
>Signing anything is somewhat a waste of time, unless the verification
>software is highly trusted, and there is good integrity/authenticity
>control of the root public key(s).
>So, in general - ho hum - until trusted hardware is available on the 
>desktop.

A bootable CD-ROM from a reliable source to verify signatures would be much
safer than no signatures at all.  Even just running the signature
verification program from CD-ROM would make an attacker's problem more
difficult.

BTW - The problem is not trusted hardware.  It is software that can isolate
untrusted programs and protect itself.  Anything with an A or B NCSC
security rating would certainly be attractive.  Trusted signature
verification hardware accessed by a compromised system can't be trusted. 
(How do you know what was given to the hardware to be verified?  How do you
know that the answer came from the hardware?)


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







