[Cap-Talk] Re: Is there a capability RFC?
John Stracke
francis@ecal.com
Tue, 10 Jul 2001 13:50:00 -0400
"David L. Nicol" wrote:
> and the bits about Security, which seem "tacked on," it occurs to me
> that a Standard Capability Protocol (capabilities are 1024 bits long,
> they include time-stamps and encoded origin info in a standard way,
> etcetera) would be a very good thing, if it doesn't exist already,
> and it would allow interoperability in much more interesting ways
> than the complex mutual trust relationships that the state-of-the
> art seems to require.
(Thanks for explaining what capabilities are, Ronald. I have doubts that a
generic capabilities protocol would work well first try; better to try using
special-purpose versions in a few IETF protocols first, then build on that
experience.)
Could you expand on how capabilities would let us do away with mutual trust
relationships? It seems to me that a capability actually encodes a mutual
trust relationship.
> For instance, the "ability to flood a calendar system with bogus
> requests" could be greatly mitigated by use of capabilities in the
> basic architecture.
How? You still need to examine each request to determine whether it's
authenticated.
> If every event is persistently tagged with the
> capability under which it was posted, removing (and submitting for
> re-moderation) all events posted under a compromised capability becomes
> trivial.
(a) How is this different from removing events posted by a particular user
during a particular time range?
(b) What about events posted by the legitimate user of the capability?
> And there remains the big-picture problem of where are all the laid-off
> personal secretaries supposed to do once it becomes possible to give
> someone a capability code and have a reasonable expectation of
> the recipient being able to leverage it into a meeting appointment
> with no further human interaction?
I'm not sure that this is a desirable goal. A meeting *is* human interaction;
it necessarily involves investing humans' time. Better to invest a small
amount of time deciding whether to go than to waste time going because you
delegated your decision-making to a cryptographic token.
Ultimately, there will always have to be a human-level intelligence deciding
whether to accept a meeting invitation, because my calendar does not encode my
entire life. I have no events scheduled on Saturday; that doesn't mean I'm
willing to accept meeting invitations on Saturdays. I spend most of each work
day on programming and so forth, which doesn't show up in my calendar; that
doesn't mean that people are free to fill up my calendar with invitations.
--
/================================================================\
|John Stracke | http://www.ecal.com |My opinions are my own. |
|Chief Scientist |===============================================|
|eCal Corp. |Te audire no possum. Musa sapientum fixa est in|
|francis@ecal.com|aure. |
\================================================================/