[2858] in WWW Security List Archive
Re: Applet security (was Re: ActiveX security hole reported).
daemon@ATHENA.MIT.EDU (Paul Rarey)
Fri Aug 30 15:51:11 1996
From: Paul Rarey <Paul.Rarey@Clorox.com>
Date: Fri, 30 Aug 1996 10:04:50 -0700
In-Reply-To: Alireza Bahreman <bahreman@eit.com>
"Re: Applet security (was Re: ActiveX security hole reported)." (Aug 30, 9:38)
Reply-To: Paul Rarey <Paul.Rarey@Clorox.com>
To: Alireza Bahreman <bahreman@eit.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Aug 30, 9:38, Alireza Bahreman wrote:
> Subject: Re: Applet security (was Re: ActiveX security hole reported).
>1) The class file is extended to include the object signature block. No other
> enveloping mechanis is used. See http://eco.eit.com/solidoak/
Understood - I lean toward a MIME based mechanism though....
>2) Actually, it is based on RFC-1847 and nothing prevents S/MIME being used to
> provide the MIME security. If you are interested, please view:
> http://eco.eit.com/mapplet/
:-) I would prefer a complete 1847 or MOSS over S/MIME which doens't do
multipart/encrypted.
>3) You are right. Using SSL requires trust in the server AND that no one has
> managed to spoof the server using man in the middle kind of an attack.
:-) Read my msgref again, ment to say "in"complete. You seem to'v got the drift
though.
Cheers!
[ psr ]
