[7198] in Kerberos
Re: Kerberos and JAVA
daemon@ATHENA.MIT.EDU (Jay Kamm)
Thu May 2 14:56:02 1996
Date: Thu, 2 May 1996 14:40:35 -0400 (EDT)
From: Jay Kamm <jwk3@acpub.duke.edu>
To: dennis.glatting@plaintalk.bellevue.wa.us
Cc: kerberos@MIT.EDU
In-Reply-To: <199605021550.IAA03017@btw.plaintalk.bellevue.wa.us>

On Thu, 2 May 1996, Dennis Glatting wrote (in response to myself and Sam
Hartman at MIT):
<snip>
> You do not want to leave it up to the client too. Many people
> use computers every day who are not knowledgeable of
> security matters, much less capable of upgrading their
> word processor. Should they be less secure because
> computer matters are not their forte?

If the individual computer is not secure to begin with, except in very
isolated settings, network security isn't going to do a whole lot. There
is some minimum expectation for computer users that they be able to
follow some simple instructions in order to do something. Our job as
programmers is to make that as easy as possible. So, if we can make the
security updates as simple as a double-click or a "make kerb_update", the
end user should easily be able to secure their computer.

> The authenticity of modules could be verified if the
> run-time system has a rudimentary method of doing so. For
> example, transfer of a module tagged "security thingy"
> would have to be accompanied by an MD5 checksum of the
> module signed by the provider, whose signature is signed
> by the Java god.

Sounds a little like Perl's Penguin module to me... and yes, it should
verify the authenticity of the module. But for user authentication...
I'd much rather rely on a system routine than something Joe Webuser
embeds in his web applet... there are so many places the wrong thing
could be transmitted...

jay
http://www.duke.edu/~jwk3/
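
The two-link check described in the quoted paragraph (a module digest signed by the provider, whose key is in turn signed by a top-level authority), sketched as an added example that is not part of the original message or of any Java or Kerberos code. It uses the standard `java.security` API with `SHA256withRSA` in place of the MD5 checksum named in the thread, since MD5 is no longer collision resistant; the class and method names are hypothetical and the module bytes are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
// Added illustration; ModuleChainCheck and its methods are hypothetical names.
public class ModuleChainCheck {
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA"); // hashes, then signs the digest
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // Run-time check: the root must vouch for the provider's encoded key, and
    // that key must vouch for the module bytes. Both links have to hold.
    static boolean moduleTrusted(PublicKey root, byte[] providerKeyEnc, byte[] providerKeySig,
                                 byte[] module, byte[] moduleSig) throws GeneralSecurityException {
        if (!verify(root, providerKeyEnc, providerKeySig)) return false;
        PublicKey provider = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(providerKeyEnc));
        return verify(provider, module, moduleSig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair root = gen.generateKeyPair();      // top-level signer built into the run-time
        KeyPair provider = gen.generateKeyPair();  // endorsed by root
        KeyPair stranger = gen.generateKeyPair();  // never endorsed by root
        byte[] module = "constructed sample module bytes".getBytes(StandardCharsets.UTF_8);
        byte[] provEnc = provider.getPublic().getEncoded();
        byte[] provSig = sign(root.getPrivate(), provEnc);
        byte[] modSig = sign(provider.getPrivate(), module);
        System.out.println("genuine:    " + moduleTrusted(root.getPublic(), provEnc, provSig, module, modSig));
        byte[] tampered = module.clone();
        tampered[0] ^= 1;                          // one flipped bit in transit
        System.out.println("tampered:   " + moduleTrusted(root.getPublic(), provEnc, provSig, tampered, modSig));
        // Stranger signs the module itself and replays root's endorsement of the real provider.
        byte[] strEnc = stranger.getPublic().getEncoded();
        System.out.println("unendorsed: " + moduleTrusted(root.getPublic(), strEnc, provSig,
                module, sign(stranger.getPrivate(), module)));
    }
}
```

Only the first case passes both links; the other two fail at the provider link and the root link respectively.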