[cap-talk] Managing Domains, section 13
john.carlson3 at sbcglobal.net
Sat Nov 18 04:17:11 CST 2006
-----BEGIN PGP SIGNED MESSAGE-----
> Thanks for taking time to look more closely at that algorithm. I
> think it's quite an elegant approach (e.g. the object description
> data - the
> 'designation' - showing up as clear text when received by the server,
> the fact that the server need note be involved in capability
> the fact that clients can safely view the clear text of the object
yes, those are all positives. If you can recall, I implemented a
system with GPG. Unfortunately, I had no easy way to protect the
keys...they were only protected by ACLs. I know that Jeff Kalibjian at
HP did a lot of work on their security stuff (I don't exactly recall
he worked on even though he gave a talk on it). He used to work at
LLNL. Perhaps you've met him.
>> You'd have a more convincing story if you were actually using
>> public/private keys in some fashion, like in email.
> You lost me with the above. I believe I am. I suggest in that paper
> a means for communicating permission tokens (object capabilities)
> as data on a network. I've come to believe that what most refer to
> as "confinement" (and I didn't deal with in that paper) where
> object capabilities are strongly POLA in that they also constrain
> communication to only happen through valid capabilities is also
> needed in an effective network "operating system" (process
> domain management).
Hmm. I don't see any sign of PGP, GPG, SHA1 hash, signature
or any encryption of email on your part.
>> If you ask the user to provide a capability to a server, then you're
>> just asking for phishing again.
> I don't understand the above comment. Why so?
Never mind, it doesn't apply to public/private keys. It would apply
to someone putting a YURL into the wrong web page.
> I'm hoping we can enhance the object/capability paradigm to meet
> the needs of those who are looking for accountability/auditability
> who did what) and identity based access management (e.g. revoke
> just the access of a bad apple) while still accepting the reality of
> allowing delegation as is inevitable between communicating entities.
> This is an effort to get the "best of both worlds". I hope it's
> If so perhaps we'll have something new to fire back at the ACL
> More capability myths demolished.
I'm perfectly willing to spend some more time on my directory & file
that I wrote in Java. I need someone to handle the public/private
the kernel I assume, and I would need a design for a revocable
that can be used with public/private keys--I guess you essentially
public key off your key ring to revoke it? That seems effective. I
was some logging in my implementation, but it would have to be polished
Once we deal with capabilities, we can tackle electronic voting.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
More information about the cap-talk