RE: [Asrg] DCC and IP checksums

2003-03-12 14:43:07
From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>

I don't trust sandboxes either.

But I do trust signed code that has been thoroughly reviewed.

If you don't trust sandboxes, then you are crazy to follow the
Microsoft ActiveX fraudulent nonsense of confounding authentication
with authorization.  That someone at a big company has signed some
code does not imply anything about how well it has been reviewed.
Bugs happen, and you can never know for certain that a VP has told
a chain of pointed hair bosses to stop delaying and SHIP IT!
Besides, how do you trust that the goals of any reviewing had
anything to do with your goals or even your well being?

Let's consider some of the attacks that might be done with distributed
filtering code.  If the sandbox does not exist or allows the code to
modify passing mail, then your entire system is wide open.  Naughty
filters could add viruses and worms to passing mail.

If the sandbox does not allow changes to passing mail by the filter,
then a filter from Microsoft could cause a random 70% of mail from
AOL to be rejected, and be labelled a bug much like Microsoft's
so-called bug caused alternatives to Windows to fail.
See http://www.oreillynet.com/pub/a/network/2000/02/07/schulman.html
and http://www.google.com/search?q=microsoft+drdos


We would be talking about a few hundred lines of code here,
not tens of thousands.

The checksums computed for the DCC involve fewer than tens of thousands
of lines of code but stretch a few hundred.  My first checksums half
a dozen years ago did almost exactly what one person proposed in this
list.  However such simple tactics have not been effective for years.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com