Return-Path: 
 <river-dev-return-4735-apmail-incubator-river-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-river-dev-archive@minotaur.apache.org
Received: (qmail 56840 invoked from network); 4 Oct 2010 10:37:50 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 4 Oct 2010 10:37:50 -0000
Received: (qmail 8473 invoked by uid 500); 4 Oct 2010 10:37:49 -0000
Delivered-To: apmail-incubator-river-dev-archive@incubator.apache.org
Received: (qmail 8329 invoked by uid 500); 4 Oct 2010 10:37:47 -0000
Mailing-List: contact river-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:river-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:river-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:river-dev@incubator.apache.org>
List-Id: <river-dev.incubator.apache.org>
Reply-To: river-dev@incubator.apache.org
Delivered-To: mailing list river-dev@incubator.apache.org
Received: (qmail 8321 invoked by uid 99); 4 Oct 2010 10:37:46 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Oct 2010 10:37:46 +0000
X-ASF-Spam-Status: No, hits=0.7 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [83.163.196.105] (HELO nyx.xs4all.nl) (83.163.196.105)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Oct 2010 10:37:39 +0000
Received: from macmini.qcg.lan ([192.168.99.5])
	by nyx.xs4all.nl with esmtp (Exim 4.71)
	(envelope-from <sim@qcg.nl>)
	id 1P2iQ0-0003Cn-0D; Mon, 04 Oct 2010 12:37:16 +0200
Message-ID: <4CA9AE5B.7050208@qcg.nl>
Date: Mon, 04 Oct 2010 12:37:15 +0200
From: Sim IJskes - QCG <sim@qcg.nl>
Organization: Quality Consultancy Group b.v.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
 rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6
MIME-Version: 1.0
To: river-dev@incubator.apache.org
CC: Michal Kleczek <michal.kleczek@xpro.biz>
Subject: Re: Towards Internet Jini Services (trust)
References: <4C9DB5BF.8090307@zeus.net.au>
 <AANLkTimS6dg85wXqPW99qBrU23sK=Y5qK6X7c9YOsWD-@mail.gmail.com>
 <CA36A28E7BFA4F80916058A3436B14CA@irt.vein.hu>
 <201010011500.49853.michal.kleczek@xpro.biz>
In-Reply-To: <201010011500.49853.michal.kleczek@xpro.biz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 10/01/2010 03:00 PM, Michal Kleczek wrote:
> 3. I agree with Tom that making sure the code comes from a known source is
> enough to make a decision whether to run this code or not. But Jini already
> checks that (well... almost)- the only hole is that the check is done _after_
> deserialization - so it means the code was executed _before_ the check was
> done. My question actually is - why don't we check an object before it is
> deserialized?

A possible solution might be, to enforce code download to use TLS and 
verify if the othersides ceritificate matches the downloaders trustlist. 
We can extends this by enforcing the downloaded jars/classes to be 
signed with a similar certificate.

A "once bitten measure" could be, if a server violates this rule, it 
will automatically be taken of the trustlist.

Gr. Sim