[cap-talk] Safety of Password Capabilities
ben at algroup.co.uk
Wed Mar 9 13:26:02 EST 2005
Karp, Alan H wrote:
> Hal Finney wrote:
>>Mallory might persuade Bob that he is, in fact, David, and
>>thus get Bob
>>to voluntarily reveal the bits.
> I assume that requires Mallory to learn David's private key.
Only if you assume there's some magic way for Bob to reliably identify
David's private key.
> At any
> rate, this case is covered. If Bob thinks that Mallory is David, Bob
> could just as easily proxy Mallory's requests thinking they came from
That does not cover this case - you asked if there were other ways the
bits could be stolen.
> This case is but one example of the ways Alice makes herself vulnerable
> to the security of Bob and his delegates by giving Bob her capabilities.
> Fortunately, in many cases the capability from Alice is more valuable to
> Bob than to Alice, e.g., Bob's bank account at Alice's bank. In this
> case, Bob's vulnerability to his own security weaknesses and those of
> his delegates is greater than Alice's.
This is not a general property of password capabilities.
More information about the cap-talk