Firewall Wizards mailing list archives
signed applets a solution --never!
From: Hal <hal () mrj com>
Date: Thu, 11 Dec 1997 19:27:57 -0500
When I received a signed applet with one popular browser based system a large, suitable-for-framing certificate appears across my screen so officious and grand in appearance as to resembles a 19th century peace treaty. The grander its appearance the truer its claim? It works for advertising so why not here? With all confidence games each mark gets to answer the simple question: allow access or not. Can you resist? Will your users? Another problem is control. The clash is between mediating policy at a network choke point (a firewall) or assigning the job to every user in a protected net. I argue that chokepoint mediation will continue. Whatever user-discretionary control is permitted organizations must protect themselves by choosing what to trust. This problem will only get worse. As mjr points out, all kinds of objects will be distributed. I maintain that for any enterprise networks with a hetrogeneous collection of machines (the usual case) , a network chokepoint is the only economically viable enforcement method. It seems obvious that a chokepoint where signatures can be validated, whatever it gets called, will become an important part of the next generation security architecture.
Current thread:
- signed applets a solution --never! Hal (Dec 11)
- Re: signed applets a solution --never! Rachel Rosencrantz (Dec 14)