[7203] in Kerberos
Re: Kerberos and JAVA
daemon@ATHENA.MIT.EDU (Dennis Glatting)
Thu May 2 17:56:40 1996
From: Dennis Glatting <dennisg@pinky.cybersafe.com>
Date: Thu, 2 May 96 14:38:13 -0700
To: Sam Hartman <hartmans@MIT.EDU>
Cc: dennis.glatting@plaintalk.bellevue.wa.us, jwk3@acpub.duke.edu (Jay Kamm),
kerberos@MIT.EDU
Reply-To: dennis.glatting@Cybersafe.com
> From: Sam Hartman <hartmans@MIT.EDU>
> Date: 02 May 1996 16:30:51 -0400
> >>>>> "Dennis" == Dennis Glatting <dennisg@plaintalk.bellevue.wa.us> writes:
>
> Dennis> From: Sam Hartman <hartmans@mit.edu>
> Dennis> Date: 02 May 1996 11:32:58 -0400
>
> >> >>>>> "Dennis" == Dennis Glatting <dennisg@plaintalk.bellevue.wa.us> writes:
> >>
> Dennis> With the potential of tens of thousand clients, how
> Dennis> would you handle upgrades or bug fixes to the native
> Dennis> code?
> >>
> >> The same way you handle upgrades to the native SSL code.
> >>
>
> Dennis> What is that?
>
> Netscape and some other web browsers have support for a
> public-key server authentication system called SSL. To
> upgrade it, you upgrade your web browser.
>
Ah, I thought you were speaking in reference to something
like AOL dyna-load modules (or whatever they call them).
> Dennis> The authenticity of modules could be verified if the
> Dennis> run-time system has a rudimentary method of doing so.
> Dennis> For example, transfer of a module tagged "security
> Dennis> thingy" would have to be accompanied by a MD5 checksum
> Dennis> of the module signed by the provider, whose signature
> Dennis> is signed by the Java god.
>
> Without getting into specific issues involved in the
> design of this scheme, you are basically admitting my
> point: you need security hooks inside the native code on
> the user's computer for security to work. ...
Yup.
> ... I would prefer
> some sort of fully functional system--Kerberos within
> an organization large enough to justify it, some sort of
> public key system for consumers--than an over
> simplistic approach that allows me to download
> security-related class files.
>
My thought is a minimalist thing -- like PGP -- used to
boot-load more sophisticated systems. Since the
boot-loader "verifies" the system, the system could be
cached in a privileged directory.
-dpg
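The two-level chain sketched in the thread (the provider signs a digest of the module, and a root key vouches for the provider's key) as an added example; it is not code from this thread or from any Java runtime. It uses Ed25519 from Go's standard library, a constructed module payload, and SHA-256 where the message names MD5, since MD5 collisions are practical today and a digest-signing scheme needs a collision-resistant hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedModule is what the boot-loader receives: the module bytes, the
// provider's key certified by the root, and the provider's digest signature.
type SignedModule struct {
	Module       []byte
	ProviderPub  ed25519.PublicKey
	ProviderCert []byte // root signature over ProviderPub
	ModuleSig    []byte // provider signature over sha256(Module)
}

// Publish builds the bundle as a provider whose key the root certifies.
func Publish(rootPriv, providerPriv ed25519.PrivateKey, module []byte) SignedModule {
	pub := providerPriv.Public().(ed25519.PublicKey)
	digest := sha256.Sum256(module)
	return SignedModule{
		Module:       module,
		ProviderPub:  pub,
		ProviderCert: ed25519.Sign(rootPriv, pub),
		ModuleSig:    ed25519.Sign(providerPriv, digest[:]),
	}
}

// Verify is the boot-loader's check: only the root public key is pinned, so the
// module is refused unless the provider key is root-certified and the digest
// signature matches the bytes actually received. Any tampering fails here.
func Verify(rootPub ed25519.PublicKey, m SignedModule) error {
	if !ed25519.Verify(rootPub, m.ProviderPub, m.ProviderCert) {
		return errors.New("provider key is not certified by the root")
	}
	digest := sha256.Sum256(m.Module)
	if !ed25519.Verify(m.ProviderPub, digest[:], m.ModuleSig) {
		return errors.New("module signature does not match module digest")
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical "Java god" key
	_, provPriv, _ := ed25519.GenerateKey(rand.Reader)       // hypothetical provider key
	m := Publish(rootPriv, provPriv, []byte("constructed module bytes"))
	fmt.Println("verify:", Verify(rootPub, m)) // nil on success
}
```

Caching the verified module in a privileged directory, as the message suggests, only helps if the cache itself is re-verified or write-protected; this example checks the bytes at load time and stores nothing.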