Re: Comments on [MANDATORY cert discovery capability]
George Capehart wrote:
> > (Take this example figuratively, only.)
>
> Interesting thought, though. Personally, I couldn't imagine the
> circumstances under which I'd accept an ActiveX control that wanted to
> help me do *anything* with a cert. Boy, talking about opening one's
> kimono . . . wanna make a copy of my private key(s) while you're here?
> PKIs are all about trust and the ActiveX security model is essentially:
> "Trust me on this." Sorry, I'm not quite there yet. 8-)
An ActiveX control may be implemented using Java, and imply
all the assurances of the user's Java virtual machine.
I would agree that it's important for any user/buyer of crypto
to know and trust the source of his/her virtual machine,
as much as the operating system. In some implementations,
the virtual machine and OS are one and the same. The
assurances, due to evaluation, of the OS kernel
and reference monitor (e.g. NT) and reliance on
CPU-based privilege mode enforcement can carry over to
assure the VM to the same level as the OS, to all intents and
purposes.
This is a distinguishing factor of OS and non-OS
Java clients for serious users of actual internet security
technology.
A site's firewall can scan the ActiveX control's Java
opcodes and ensure they meet "security requirements"
beyond mere well-formedness, before the control enters
the enclosure for execution. And this is not theory...
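As an added illustration of a perimeter check that goes "beyond mere well-formedness" (example code, not from this thread or from any product named in it): a scan of a Java class file's constant pool that lists every class the code references and flags those under a site denylist. The class-file layout follows the JVM specification; the denylist, the build_class helper and the sample bytes are constructed here as assumptions.

```python
import struct

# Payload size (bytes) of each fixed-size constant-pool tag; Utf8 (tag 1) is variable-length.
_CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
             12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

# Hypothetical site policy: packages a downloaded control is not allowed to reference.
DENIED_PREFIXES = ("java/io/", "java/net/", "java/lang/reflect/", "java/lang/Runtime")


def referenced_classes(class_bytes):
    """Return every class name that appears as a CONSTANT_Class entry in the constant pool."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack(">H", class_bytes[8:10])[0]  # constant_pool_count = slots + 1
    pool, pos, i = {}, 10, 1
    while i < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then (modified) UTF-8 bytes
            n = struct.unpack(">H", class_bytes[pos:pos + 2])[0]
            pool[i] = ("utf8", class_bytes[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        elif tag == 7:  # CONSTANT_Class: u2 index of a Utf8 entry holding the name
            pool[i] = ("class", struct.unpack(">H", class_bytes[pos:pos + 2])[0])
            pos += 2
        elif tag in _CP_SIZES:
            pos += _CP_SIZES[tag]
        else:
            raise ValueError("unknown constant pool tag %d" % tag)
        i += 2 if tag in (5, 6) else 1  # Long and Double occupy two pool slots
    return {pool[idx][1] for kind, idx in pool.values()
            if kind == "class" and pool.get(idx, ("",))[0] == "utf8"}


def policy_violations(class_bytes, denied=DENIED_PREFIXES):
    """Referenced classes under a denied prefix; an empty list means the control may be admitted."""
    return sorted(c for c in referenced_classes(class_bytes) if c.startswith(denied))


def build_class(names):
    """Constructed test input: a minimal, empty class file whose pool names the given classes."""
    cp = [b"\x01" + struct.pack(">H", len(n)) + n.encode() for n in names]  # Utf8 entries
    cp += [b"\x07" + struct.pack(">H", k + 1) for k in range(len(names))]  # Class entries
    cp.append(b"\x05" + bytes(8))  # one CONSTANT_Long, to exercise the two-slot rule
    header = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 45, len(cp) + 2)  # +1 slot, +1 count
    trailer = struct.pack(">7H", 0x21, len(names) + 1, len(names) + 2, 0, 0, 0, 0)
    return header + b"".join(cp) + trailer


SAMPLE = build_class(["Foo", "java/lang/Object", "java/io/File"])  # constructed sample
```

A real gateway would also run the standard bytecode verifier and inspect method bodies; this pass only shows the kind of policy decision a site can make from static structure alone.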