[EROS-Arch] Fw: [Cap-Talk] Re: On the other hand (process tool restriction)

Bill Frantz frantz@communities.com
Thu, 09 Nov 2000 13:52:47 -0800


At 05:24 PM 11/9/00 -0500, Jonathan S. Shapiro wrote:
>> I think the idea of getting/destroying domains with a space bank may be a
>> good one.  The brand activity probably should be completely separated from
>> the space bank.
>>
>> One way to do this might be to make the brand slot a store-once slot/no
>> read.  The domain would provide the store once operation.  A separate
>> "brand tool" would provide the compare equal/not equal operation.
>
>Is it necessary for it to be read only, or is it sufficient if you have to
>know the old one to overwrite it?

(You must mean write-once instead of read-only above.)  :-)

I think knowing the old value would be sufficient.  Before storing, you
would want a strong assurance that the domain key was a domain key and not
a Trojan stealing your brand key.  In the normal case where the factory (or
non-factory domain-creating code, of which there were many examples in
KeyKOS) gets the domain from an Official space bank, it knows that the
domain key is not Trojan because of the space bank contract.
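
Added example, not part of the original message and not EROS or KeyKOS code: a toy Python model of the brand slot discussed above (store into it, never read it, overwrite only by presenting the old brand, compare through a separate brand tool), together with the Trojan concern and the space bank check. All class and function names are hypothetical, and Python object identity stands in for key equality.

```python
class Brand:
    """Opaque token; object identity stands in for key equality."""

class Domain:
    """Toy domain whose brand slot can be stored into but never read."""
    def __init__(self):
        self.__brand = None  # private slot: no method returns it

    def store_brand(self, new, old=None):
        # Empty slot: store once. Full slot: caller must present the old brand.
        if self.__brand is not None and old is not self.__brand:
            return False
        self.__brand = new
        return True

class BrandTool:
    """Separate tool: answers equal / not equal, never hands the brand out."""
    @staticmethod
    def matches(domain, brand):
        # Reaching into the slot models the tool's privilege (assumption).
        return type(domain) is Domain and domain._Domain__brand is brand

class TrojanDomain:
    """Imitates a domain key and keeps whatever brand is stored into it."""
    def __init__(self):
        self.stolen = None

    def store_brand(self, new, old=None):
        self.stolen = new
        return True

class SpaceBank:
    """Official bank; its contract: what it hands out are genuine domains."""
    def __init__(self):
        self._issued = []

    def get_domain(self):
        d = Domain()
        self._issued.append(d)
        return d

    def issued(self, key):
        return any(key is d for d in self._issued)

def store_brand_checked(bank, key, brand):
    """Store the brand only into a key the official bank vouches for."""
    if not bank.issued(key):
        return False  # possible Trojan: the brand is never presented to it
    return key.store_brand(brand)
```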