From: frantz@netcom.com (Bill Frantz)
Date: Wed, 1 May 1996 18:05:37 +0800
To: cypherpunks@toad.com
Subject: Re: once again
Message-ID: <199605010642.XAA05631@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:02 PM 4/30/96 -0400, Perry E. Metzger wrote:
>I fully understand that Java is a general programming language and can
>do I/O. However, "Safe" Java subsets, like the ones used for writing
>applets or presumably the ones that would be needed for markets in CPU
>cycles, do not do i/o. One could add i/o to the suite, but that would
>be dangerous.

If I were as worried about Java security as Perry is, I would still
consider running Java (or C or C++) programs as part of certain markets in
CPU cycles because I would trust their source.  (IMHO, much better than
trusting every web page I access.)

A single example.  I could see a network-wide factoring attack on the key
NSA uses to GAK the extra bits in Lotus Notes.  Such an effort would run a
single program, which would be available in source.  Depending on the
details, I could either compile the program locally, or down load a signed
copy of the object code/class file.  The same argument applies to rendering
e.g. Toy Story.

This restriction does not provide for CPU cycle markets in arbitrary
programs, but I think that a significant market could still develop under
this limit.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA