[cap-talk] On revocation and the use of wrappers and In Defenseof Identities
Neal H. Walfield
neal at walfield.org
Thu Dec 7 04:03:56 CST 2006
At Wed, 6 Dec 2006 23:17:12 -0600,
Karp, Alan H wrote:
>
> Marcus Brinkmann wrote:
> > The problem is that it is easily exploitable, because the amount of
> > memory used to store the bookkeeping data is not bound by the number
> > of objects, but by the number of delegations that take place.
> > Depending on the design, either a user alone or at least two
> > conspiring users can probably exhaust these resources by delegating
> > the same object many times.
> >
> The server can always refuse if a given capability has been delegated
> too many times.
Sure. But how can it do this without potentially denying legitimate
service? I think that any limit will be arbitrary and will fail to
stop illegitimate use but block some legitimate uses.
Neal
More information about the cap-talk
mailing list