Firewall Wizards mailing list archives

signed applets a solution --never!


From: Hal <hal () mrj com>
Date: Thu, 11 Dec 1997 19:27:57 -0500


When I received a signed applet with one popular browser-based system, a large, suitable-for-framing certificate appears 
across my screen, so officious and grand in appearance as to resemble a 19th century peace treaty. The grander its 
appearance the truer its claim? It works for advertising so why not here? With all confidence games each mark gets 
to answer the simple question: allow access or not. Can you resist? Will your users?

Another problem is control. The clash is between mediating policy at a network choke point (a firewall) or assigning 
the job to every user in a protected net. I argue that chokepoint mediation will continue. Whatever 
user-discretionary control is permitted, organizations must protect themselves by choosing what to trust. This problem 
will only get worse. As mjr points out, all kinds of objects will be distributed. I maintain that for any enterprise 
network with a heterogeneous collection of machines (the usual case), a network chokepoint is the only economically 
viable enforcement method. It seems obvious that a chokepoint where signatures can be validated, whatever it gets 
called, will become an important part of the next generation security architecture.


