On Mon, Nov 24, 2008 at 2:31 PM, Brion Vibber brion@wikimedia.org wrote:
Aryeh Gregor wrote:
They wouldn't have to click through if it was signed, would they?
Yes they would.
If that wasn't the case, then any web site you visited could read all your files without notifying you simply by signing their malware applet.
I don't know anything about Java signing; I was relying on (my possibly incorrect reading of) what Greg Maxwell has said in this thread. I was assuming there was some kind of PKI being used here, as with HTTPS, so that "trusted" applets would silently run with more permissions. If not, then never mind what I said above.