On Mon, Nov 24, 2008 at 2:31 PM, Brion Vibber <brion(a)wikimedia.org> wrote:
Aryeh Gregor wrote:
They wouldn't have to click through if it was
signed, would they?
Yes they would.
If that wasn't the case, then any web site you visited could read all
your files without notifying you simply by signing their malware applet.
I don't know anything about Java signing; I was relying on (my
possibly incorrect reading of) what Greg Maxwell has said in this
thread. I was assuming there was some kind of PKI being used here, as
with HTTPS, so that "trusted" applets would silently run with more
permissions. If not, then never mind what I said above.