[cap-talk] On the importance of being "untrusted" - let's be clear
Karp, Alan H
alan.karp at hp.com
Thu Mar 3 14:16:50 EST 2005
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Jed
> at Webstart
> Sent: Thursday, March 03, 2005 11:06 AM
> To: General discussions concerning capability systems.
> Subject: RE: [cap-talk] On the importance of being
> "untrusted" - let's be clear
>
> At 10:44 AM 3/3/2005, Karp, Alan H wrote:
> >Dean Tribble wrote:
> >
> > > Though better than "untrusted", giving instructions to
> the user seems
> > > inappropriate. If I get mail from my brother, it seems
> > > presumptious to
> > > tell me to treat him as a stranger just because your
> software doesn't
> > > recognize him.
> > >
> >If you get mail supposedly from your brother, but the certificate
> >doesn't correspond to the one you used to establish a
> petname for him,
> >you'd better treat him as the stranger who might be spoofing you.
>
> Of course I'm not sure exactly what Dean was referring to
> with his example, but
> I can easily imagine a situation where I'm looking at
> "received" email through
> a Web interface to a site that I haven't named but where the
> mail itself
> can be positively identified by me (e.g. with a PGP/GPG signature).
>
> The Web site itself is simply "unnamed." Trying to
> anticipate all situations
> seems to me rather futile. As I noted previously it might be
> that the web site
> itself is referenced in a link from a named and trusted site.
> It might well
> be trusted though unnamed.
OK, OK. The email contains a link supposedly to Dean's brother's web
site. If your petname for that site doesn't appear when you access the
page, you'd better assume you're talking to a stranger..
>
> --Jed http://www.webstart.com/jed/
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20050303/3d69468a/KarpAlanH.vcf
More information about the cap-talk
mailing list