[messaging] Online update and dev platforms for crypto apps

Mike Hearn mike at plan99.net
Wed Feb 11 09:39:06 PST 2015


That's right - same as any sandboxing technique really.

The difference is that building a sandbox for C++ is very expensive. The
Chrome sandbox is a large, complex endeavour. This is partly because you
don't have type-level isolation, so everything has to be message passing
based.

Whereas you can sandbox stuff on the JVM more easily because the platform
was designed for that from the start, and the memory safe nature simplifies
things quite considerably. You can much more easily do method calls and
pass objects across the boundary, as long as you are careful.


> Aside from that, what's the use case scenario for allowing people to
> downgrade? I guess it's to promise people "Upgrade the app, and if you
> don't like where I moved your cheese[0] you can go back?"


Partly that and partly in case you ship a regression or bug that only
affects some users.

From a security perspective, being able to temporarily pin yourself to a
particular version means you can choose to wait longer to get more
assurances about a new version. Of course if the new version has security
fixes, that is a gamble .....