<11e306600809261444p9846e07ie88f7d7667ebc62d@mail.gmail.com>
On Sat, Sep 27, 2008 at 9:19 AM, Elliotte Rusty Harold <elharo@metalab.unc.edu> wrote:

> I do think we have an existence proof that security in this realm is
> possible. That's Java. Modulo some outright bugs in VMs (since repaired) the
> default Java applet security model has worked and worked well since 1.0 beta
> 1. (1.0 alpha 1 wasn't quite strict enough.) I have seen no security design
> flaws exposed in Java applets in over ten years. That's why I suspect
> duplicating Java's security policy in HTML is a safe way forward. I'm
> skeptical that anything less will suffice.
>

You also see that Java is almost never used in the public Web. Java doesn't prove anything.

Rob