[cap-talk] Cap vs. cap + password - recap, Internet cafe

Sandro Magi smagi at naasking.homeip.net
Fri Dec 2 23:01:51 EST 2005


Jed at Webstart wrote:
> At 07:22 PM 12/2/2005, Sandro Magi wrote:
> 
>> I wasn't clear on that part. I think that's the only way to make it 
>> truly safe.
> 
> 
> Even then I think there are substantial technical challenges.  I think 
> what you essentially have to do is to treat your hardware token like 
> your actual computer and use it to grant just needed capabilities to the 
> untrusted third party computer. 

Yup, something like that. It'd be easier if you could just plug in your 
own computer.

> Those capabilities can either be
> 
> 1.  Available on the hardware "token" - in which case you can just ask 
> it to grant permanent or revokable access to them to the untrusted 
> computer.
> 
> or
> 
> 2.  Only available elsewhere, in which case you have to set up a secure 
> channel through the untrusted computer (just use it like an untrusted 
> network) to some system where you can pull down additional capabilities 
> to your hardware token.
> 
> In any case I believe you have to explicitly identify any capability 
> that you want to grant to the untrusted system.

It'd be nice if the USB device could connect to the network somehow. 
Then the local http proxy could run on the USB device, and browsing the 
device's filesystem would actually be browsing the web by proxy.

All links returned by the device and displayed in the browser window 
would be numbered sequentially in their names, and the device could just 
have a two or three digit display. When you click on a link in the 
browser, the device displays which link number was pressed, so you can 
verify that the browser isn't doing something behind your back. Perhaps 
the device should wait for a confirmation from the user before 
proceeding with the invocation.

Sounds kinda neat, if a bit cumbersome. That's a pretty minimal "trusted 
interface" though, and I think it does the job. Any objections?

Any other ideas how to craft a minimal interface that can (preferably) 
leverage existing hardware, and not some mythical USB key that can 
connect to the internet? ;-)

Sandro
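
As an added illustration (not part of this thread or any real device), a small Python model of the numbered-link scheme sketched above: the token proxies the page, keeps the number-to-URL table on itself, shows the clicked number on its own display, and only invokes the link once the user confirms that number. The class name, the `/link/N` URL form and the sample page are all constructed for the example.

```python
import re
from html import unescape

# Constructed sample page, standing in for whatever the untrusted browser renders.
SAMPLE_PAGE = """<html><body>
<a href="https://bank.example/accounts">Accounts</a>
<a href="https://bank.example/transfer">Transfer</a>
<a href="https://news.example/">News</a>
</body></html>"""


class TrustedDevice:
    """Hypothetical USB token: proxies the page, numbers every link, holds the
    number->URL table itself, and invokes a link only after showing the number
    on its own display and receiving the user's confirmation."""

    def __init__(self):
        self.links = {}      # link number -> real URL, never exposed to the browser
        self.display = None  # what the device's two/three digit display shows
        self.invoked = []    # URLs the proxy actually fetched

    def proxy_page(self, html):
        """Rewrite links so the untrusted browser sees only sequential numbers."""
        self.links = {}

        def number_link(m):
            n = len(self.links) + 1
            self.links[n] = unescape(m.group(1))
            return '<a href="/link/%d">[%03d] %s</a>' % (n, n, m.group(2))

        return re.sub(r'<a href="([^"]+)">([^<]*)</a>', number_link, html)

    def click(self, requested, confirm):
        """Browser reports a click on link `requested`; confirm(n) is the user's
        answer after reading n from the trusted display. Returns the URL fetched,
        or None if the number is unknown or the user refuses."""
        self.display = requested  # trusted output path, outside the browser
        if requested not in self.links or not confirm(requested):
            return None
        url = self.links[requested]
        self.invoked.append(url)
        return url


def simulate(intended, browser_reports):
    """User pressed link `intended`; the untrusted browser claims `browser_reports`.
    The user confirms only when the displayed number matches what they pressed,
    so a substituted click is refused before the proxy fetches anything."""
    dev = TrustedDevice()
    dev.proxy_page(SAMPLE_PAGE)
    return dev.click(browser_reports, confirm=lambda shown: shown == intended)
```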

