[cap-talk] Re: OS security discussion, restricted access processes, etc. - DCCS

Jed Donnelley jed at nersc.gov
Thu Apr 29 19:28:49 EDT 2004

At 02:30 PM 4/29/2004, Mark S. Miller wrote:
>At 01:43 PM 4/29/2004  Thursday, Jed Donnelley wrote:
> >I'm particularly curious to know about any 'modern' implementations of 
> mechanisms to share descriptor or data based capabilities across a 
> network - e.g. to compare them with earlier concepts and to see how they 
> compare.  Might anybody have any pointers?  Might there be any sort of 
> index of such concepts and/or implementations?
>There's a bare start at:

Thanks!  I'd like to inject a question (discussion?) about something said 
in the above with regard to the "password-capability system".

Namely, "Cryptographic capability protocols, by themselves, can never be 
more than password capability systems".

If the above statement is true then it would seem I've been fooling myself 
by considering some of the protocols in:


in particular:


that was the primary reason for publishing that paper.  With a scheme along 
these lines, while it is still true that it depends on the inability to 
guess a string of bits, at least it is set up so that the string of bits 
belonging to one process (person) is invalid for use by another process 
(person).  A transformation is required to prepare the bits for 
communicating to another domain. Is that notion included in the "Password 
Capability Model"?  It doesn't seem to me to suit the term.

>See also:

That's a good one that I haven't read yet.   Seemed to show up about the 
time I returned from Germany.  I find it curious that they didn't pick up 
the reference to the above Managing Domains paper since they both seem to 
focus on the same topic.  Still, I'll have to look in more detail to find 
out.  Perhaps a comparison would be worthwhile.

>And, of course, CapTP at
>and the Web Calculus at
>         Cheers,
>         --MarkM

Thanks Mark!

--Jed http://www.nersc.gov/~jed/ 

More information about the cap-talk mailing list