Sim IJskes - QCG wrote:
On 10/03/2010 11:00 AM, Peter Firmstone wrote:

I've got some thoughts about how to isolate a smart proxy, please tell
me yours:

Are you sure you want to go the technical way, almost adding a
function, missing from the VM and runtime libraries, just because you
want to download anything you want, and execute it immediately?

Because it's possible and will improve security, I think we should
investigate it further, this could allow us to unmarshall the proxy and
determine trust without changing the Jini Service model. There's still
Service UI to consider too, but that happens after determining trust.
We need to be immune to DoS attacks during the period we're trying to
determine trust.

Isn't the general advice we give to people, think before you download,
and can't we extend this to Jini?

This should still be the advice, for full functionality, some level of
trust will be required. If you were a client of a service, the trust
you'd have for NASA or a University, would be different to the trust
you'd give a large corporation connected with advertising, or a poor
history of leaking personal details.

I think we need some new feedback-based services to assist with trust
decisions.

I see many similarities to having a Jini code clearinghouse and mobile
application appstores. I just don't want to limit people's choices to 1
single appstore, and don't want to expose them to the naive keystore
model used for HTTPS, where 1 faulty certificate authority can
deteriorate the whole system.

I agree, I think we need PGP's web of trust, the infrastructure is
available now, public key servers etc, the technology's proven. The
Bouncy Castle has a PGP provider we can plug in.

Cheers,
Peter.