river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zoltan Juhasz" <juh...@irt.vein.hu>
Subject RE: Towards Internet Jini Services (trust)
Date Fri, 01 Oct 2010 12:05:51 GMT
Tom and all,

> When was the last time you analysed the contents of your 
> newly downloaded log4j.jar, just to make sure it didn't 
> contain anything nasty?  In that example, you trusted the 
> download site (apache.org), and you trusted the download 
> mechanism (HTTP - now that was risky!), and then you  trusted 
> the stuff you downloaded.

I think this is a key observation. The Jini mechanism for trust is based on
trusting the source and the download channel  but that does not imply
anything about the quality of the code you're about to execute. When you
download anything manually (in your browser), you have time to decide
whether or not you take the risk. Jini however is about programmatic clients
doing this automatically without human intervention. The speed of execution
is at a different scale. One would need semantic correctness checks which is
impossible to do right now. We had bumped into this problem when we used
Jini for distributed/parallel computation and the only solution we could
come up was to have accountability and a mechanism for non-repudiation, ie
you code can do stupid things but I'll catch you and make you pay for it. 

I don't know whether there is a universal solution to this, it is a very
complicated problem.


View raw message