[cap-talk] Safety of Password Capabilities
Ben Laurie
ben at algroup.co.uk
Wed Mar 9 13:26:02 EST 2005
Karp, Alan H wrote:
> Hal Finney wrote:
>
>>Mallory might persuade Bob that he is, in fact, David, and thus get Bob
>>to voluntarily reveal the bits.
>>
>
> I assume that requires Mallory to learn David's private key.

Only if you assume there's some magic way for Bob to reliably identify
David's private key.

> At any
> rate, this case is covered. If Bob thinks that Mallory is David, Bob
> could just as easily proxy Mallory's requests thinking they came from
> David.

That does not cover this case - you asked if there were other ways the
bits could be stolen.

> This case is but one example of the ways Alice makes herself vulnerable
> to the security of Bob and his delegates by giving Bob her capabilities.
> Fortunately, in many cases the capability from Alice is more valuable to
> Bob than to Alice, e.g., Bob's bank account at Alice's bank. In this
> case, Bob's vulnerability to his own security weaknesses and those of
> his delegates is greater than Alice's.

This is not a general property of password capabilities.