Message-Id: <199906082352.QAA28869@laguna.eng.sun.com>
Date: Tue, 8 Jun 1999 16:52:42 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: JDK 1.2 Security disappointment
To: java-security@java.sun.com, jseeger@peoplepost.com

Jerry:

In JDK 1.2.2:

http://developer.java.sun.com/developer/earlyAccess/j2sdk122/index.html

we have added the following new features to the Plug-in, which
will allow you to grant all permissions to an applet whose
signature has been verified and authenticated, without you having to
set up any policy/keystore files:

If your applet is signed, and the permissions granted to it
do not include the "usePolicy" RuntimePermission (note that
this permission is not granted by default),
we will verify the entire applet certificate chain.
Verification will go all the way up to the Root CA of the chain
and check if that Root CA is contained in
your browser's (native) database of trusted Root CAs.
If so, the user will be prompted if they want to grant the special
"AllPermission" (which implies every other single permission)
to the applet. In this case, the policy will be bypassed
altogether (binary policy decision).

Also, we added support for RSA signature verification in the
Plug-in, so that you can run applets signed with Netscape's signtool
in the Java 2 JRE.

This is only the 1st step towards a model in
which you can grant permissions to applets in a dynamic fashion.

Jan

> Date: Tue, 08 Jun 1999 16:32:24 +0100
> From: Jerry Seeger <jseeger@peoplepost.com>
> MIME-Version: 1.0
> To: java-security@java.sun.com
> Subject: JDK 1.2 Security disappointment
> Content-Transfer-Encoding: 7bit
>
> Some time ago I submitted a bug report/design change request for
> security and I received a nice message in return encouraging me to
> migrate to Java 2 as the problem was already addressed there. I have
> been reading up recently, and I find that this is not the case.
>
> My plea to you is that as you develop your security mechanisms, do not
> forget the consumer. There is NO WAY that joe consumer is going to set
> up his browser to grant required permissions as described in step 3 of
> the example shown at http://java.sun.com/security/signExample12/
>
> Some day I hope to use your security model, but for now I can't. Until
> you make it possible for a user to grant permissions to applets simply,
> I can't even endorse your methodology over those used by Microsoft and
> Netscape, flawed as those may be. Therefore, I cannot use the Plugin,
> and must debug on multiple VMs, and I cannot run at all on the Mac.
>
> You guys make great stuff, but Microsoft understands the consumer. If it
> is not EASY TO USE, your VM will fail in the marketplace. It's that
> simple.
>
>
> Jerry Seeger
> Director of Software Engineering
> BinaryLabs, Inc.
> jseeger@binarylabs.com
>
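
The reply above makes the AllPermission prompt conditional on the applet not holding the "usePolicy" RuntimePermission. The policy file below is an added example, not part of the original thread or of Sun's documentation; it shows the other side of that condition, where usePolicy is granted so that the policy stays in force and a signed applet gets only the permissions listed for it. The keystore location, the signer alias, the codeBase URL and the directory name are hypothetical placeholders.

```text
// Added example: java.policy fragment (standard policy file syntax).
// All paths, aliases and URLs below are hypothetical placeholders.

// Keystore holding the certificate of the signer named in signedBy.
keystore "file:${user.home}${/}.keystore", "JKS";

// Grant "usePolicy" to all code. The reply states that the certificate-chain
// check and AllPermission prompt apply only when this permission is NOT
// among those granted, so with this entry the decision stays with the
// grant entries in this file instead of a single all-or-nothing prompt.
grant {
    permission java.lang.RuntimePermission "usePolicy";
};

// Least-privilege grant for one signed applet: code must both be signed by
// the alias "examplesigner" and be loaded from the given codeBase.
// It receives read/write access to one directory tree and nothing else.
grant signedBy "examplesigner", codeBase "https://applets.example.com/-" {
    permission java.io.FilePermission "${user.home}${/}exampleapp${/}-", "read,write";
};

// Without the first grant entry (the default, per the reply), a signed
// applet whose chain ends in a browser-trusted Root CA leads to a user
// prompt for java.security.AllPermission, and the entries above are
// bypassed for that applet.
```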