[cap-talk] On revocation and the use of wrappers and In Defenseof Identities
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Sat Dec 9 20:55:03 CST 2006
At Sun, 10 Dec 2006 00:52:15 +0100,
"Valerio Bellizzomi" <devbox at selnet.org> wrote:
>
> On 09/12/2006, at 21.57, Marcus Brinkmann wrote:
> >
> >> I'm not sure that unlimited delegation makes sense in any case. When
> you
> >> have delegated 10 or 20 times it is largely sufficient for any real
> job.
> >
> >I am not sure either, but where do you take your confidence from?
>
> I'm not confident at all, it is just that I see unlimited delegation like
> a potential denial-of-resource.
It is a potential DoS, but I am trying to show that a careful design
may allow unlimited delegation without causing opportunity for DoS attacks.
> Walking back a delegation-chain will probably be slow if there are too
> many levels of delegation.
Yes, but if the costs are attributed to the party receiving the
delegated resources, this is appropriate and not a concern.
> >Some time ago, it was thought sufficient to limit hostnames to 64
> >characters. The people making the decision probably never had a
> >vacation in Wales.
>
> How many characters are they now?
Actually, I got my story wrong here. The limit used to be 26, and now
it is 64, which is still too short. See
http://www.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.com/
Thanks,
Marcus
More information about the cap-talk
mailing list