[cap-talk] Two questions on auditors
Kevin Reid
kpreid at attglobal.net
Tue Jul 11 17:24:04 EDT 2006
On Jul 11, 2006, at 16:59, Norman Hardy wrote:
> These may have been covered, so I will be brief:
I'm assuming you're referring to auditors in E.
> If a new sort of auditor is invented, do I get to decide if you are
> allowed to audit an object that I built before the invention?
Objects can only be audited immediately before they exist, so you do
not get to decide; the answer is always no.
> Is it possible for an auditor to verify that there is no capability
> X (held by malware) to a component of what it audits, where X could
> be subsequently used to to damage the property that the audit
> vouched for?
No.
The auditor should instead audit for immutability of that component.
--
Kevin Reid <http://homepage.mac.com/kpreid/>
More information about the cap-talk
mailing list