Financial identity is *dangerous*? (was re: Fake companies, real money)

[dan at geer.org]

|  > What machine, attached to a network, using a web browser, and 
|  > sending and receiving mail, would you trust? 
|  
|  I would suggest pursuing work along the lines of a Virtual Machine Monitor
|  (VMM) like VMWare.  This way you can run a legacy OS, even Windows,
|  alongside a high security simplified OS which handles your transactions.

Hal,

I'm pretty sure that you are answering the question
"Why did Microsoft buy Connectix?"[1]  -- the answer
was not, in other words, to screw Mac OS X users
but to break the conundrum Ballmer finds himself
in where the road forks towards (1) fix the security
problem but lose backward compatibility, or (2) keep
the backward compatibility but never fix the problem.
His Board would prefer (2), the annuity of locked-in
users, but it forces a bet that software liability
never happens.  Fixing the problem, for which the
calls grow more strident daily, puts the desktop
platform into play even more than it is now as
it asks the users (who, having lost compatibility,
thus have nothing to lose) to marry Redmond a
second time.  A VM-cures-all strategy is then
an attempt to avoid having to choose between (1)
and (2) by breaking backward compatibility for
new things but bridging the old things with a
magic box that both preserves the annuity revenue
stream from locked-in users while it keeps the
liability bar at bay.

Or so I think.

--dan


[1] http://www.microsoft.com/windows/virtualpc/previous/default.mspx


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com