[cap-talk] In Defense of Identities - not

[Eric Jacobs]

On Wed, 06 Dec 2006 11:46:17 -0500
"Jonathan S. Shapiro" <shap at eros-os.com> wrote:

>   3. In the absence of a trusted service, it is exceptionally
>      difficult to get transitivity of revocation right. The simple
>      cases are simple and the hard cases are impossible. Consider:
> 
>         c1->someOperation(...arg...) => c2
> 
>      the decision to wrap the 'c2' capability depends a great deal
>      on what 'someOperation' does.

What would such a decision depend on? Is there an advantage to sending back an unprotected capability?

-Eric