[cap-talk] Cap vs. cap + password - recap, Internet cafe
smagi at naasking.homeip.net
Fri Dec 2 23:01:51 EST 2005
Jed at Webstart wrote:
> At 07:22 PM 12/2/2005, Sandro Magi wrote:
>> I wasn't clear on that part. I think that's the only way to make it
>> truly safe.
> Even then I think there are substantial technical challenges. I think
> what you essentially have to do is to treat your hardware token like
> your actual computer and use it to grant just needed capabilities to the
> untrusted third party computer.
Yup, something like that. It'd be easier if you could just plug in your
> Those capabilities can either be
> 1. Available on the hardware "token" - in which case you can just ask
> it to grant permanent or revokable access to them to the untrusted
> 2. Only available elsewhere, in which case you have to set up a secure
> channel through the untrusted computer (just use it like an untrusted
> network) to some system where you can pull down additional capabilities
> to your hardware token.
> In any case I believe you have to explicitly identify any capability
> that you want to grant to the untrusted system.
It'd be nice if the USB device could connect to the network somehow.
Then the local http proxy could run on the USB device, and browsing the
device's filesystem would actually be browsing the web by proxy.
All links returned by the device and displayed in the browser window
would be numbered sequentially in their names, and the device could just
have a two or three digit display. When you click on a link in the
browser, the device displays which link number was pressed, so you can
verify that the browser isn't doing something behind your back. Perhaps
the device should wait for a confirmation from the user before
proceeding with the invocation.
Sounds kinda neat, if a bit cumbersome. That's a pretty minimal "trusted
interface" though, and I think it does the job. Any objections?
Any other ideas how to craft a minimal interface that can (preferably)
leverage existing hardware, and not some mythical USB key that can
connect to the internet? ;-)
More information about the cap-talk