WebFund 2013F Lecture 14

From Soma-notes

Audio from the lecture given on November 6, 2013 is available here.

Notes

November 6, 2013

  • Sandbox
      • Untrusted Applet restrictions
        • Only portion of screen
        • No file i/o
        • Same origin policy for the network
          • Download a program from the internet? It can’t just access anything on the internet
          • Can only talk to the server from which it was downloaded
      • If an applet is signed? You can trust it.
      • Digital signature/certificate
        • Certificates are containers for digital signatures
        • (p­s,pp)
        • S = ps(h(d)), pp(s)=h(d)
          • You know it could only come from someone who had ps
            • Not only do I have the hash? I have the hash that was produced by someone who has this secret key which corresponds to this public key
            • How do you know you have the right public key? Get it signed
            • Certificates are public keys plus meta data along with signatures of the public key
        • Sender encrypts with private key
      • No digital signatures on javascript code you download into your browser
        • Have to live with restrictions
        • Sandbox is taking over your whole computer