[cap-talk] Horton at HotSec '07: How broadly object/capability?
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Mon Jul 9 04:52:33 EDT 2007
On Aug 9, 2007, at 4:13 AM, Jed Donnelley wrote:
> that the issues regarding the costs for implementing
> object/capabilities are quite distinct at the
> different levels (language, OS, network).
Capsys people tend to say things like "capabilities are easy, just
use our language!" or "capabilities are easy, just use our OS!", and
this is clearly out of touch with reality. As a developer, I'm not
going to pick my language based on security features; you need to
bring your security features to my language. This is why I regard
e.g. Brett Cannon's work on capabilities in Python as important.
Similarly, as a developer, I'm not going to target an OS based on
security features, and as a user, I won't pick and use one based on
them. The bottom line then comes down to integrating capabilities
with existing approaches (languages, OSes) which have had a long time
to become entrenched in their current form, and are now regarded with
a strong "I'd rather deal with something bad that I understand than
something good that I don't" attitude by many stakeholders.
Ignorance and inertia are by no means insurmountable, but by every
means formidable.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org