Authentication and encryption in Squeak

Cees de Groot cg at tric.nl
Fri Feb 6 08:46:53 UTC 2004


Lex Spoon <squeak-dev at lists.squeakfoundation.org> said:
>[...] or (worse) go read Bruce Schneier's Applied
>[Cryptography] book. 
>
Personally, I think that reading Schneier is a conditio sine qua non for
anyone who is thinking about doing anything security-related. 

>Please do get *someone* to review the protocol before
>committing to it; security protocols are notoriously easy to botch, and
>once the protocol is in use it is hard to fix it.
>
Wise words, Herr Doktor Spoon.

>Do complex security policies sound interesting, or do you just want a
>simple "you have access to this universe" kind of thing?  IMHO, I'd very
>much rather see an insecure Croquet than a Croquet that got put off and
>put off in order to make the security concerns come out correct. 
>
I'm not sure about that. From my previous Java/Jini life, I learned that
postponing security can be very harmful - one of the reasons I think
Jini never took off, is that it is impossible to put it out into the wild.
It is hugely successful in server infrastructures, where you can control
everything, but totally worthless outside these shielded environments.

By the time they were done with Jini and wanted to smack security onto
it, they discovered that RMI brought them a lot of initial leverage
but that it was completely incapable of supplying the security that was
needed; that was ~4 years ago, and only now RMI is getting the security
primitives required by the proposed Jini-level security, and I seriously
doubt whether the resulting combination will be a very good match (the
security stuff is starting to look horrendously complex compared to the
simplicity and elegance - yes, beauty even - of the Jini spec).

In other words, the Jini team would have done a better job, probably,
by starting to build a good foundation and not grabbing a foundation
that happened to be present. The net result is a delay by some 6 years
and a suboptimal end product.

In the case of Croquet, I'd rather see this done right the first time,
even if (when) it means that Croquet needs to be based on Squeak-E (-ish)
things. Only when you can be reasonably safe that opening up your Croquet
environments to others won't harm you, it will be worthwhile to put *real*
stuff into it, rather than just toying around.

-- 
Cees de Groot               http://www.tric.nl     <cg at tric.nl>
tric, the new way           helpdesk/ticketing software, VoIP/CTI, 
                            web applications, custom development



