[cap-talk] mailkey: transfer of accountability. Is this broken ?? should I start from scratch/horton ?

Rob Meijer rmeijer at xs4all.nl
Mon Jun 4 07:38:53 EDT 2007

On Sun, June 3, 2007 23:06, Karp, Alan H wrote:

> MarkM and I spent a couple of hours on Friday afternoon translating the
> mailkey protocol to an object capability framework.  While we originally
> thought we could use to use insights from mailkey to simplify the Horton
> protocol, and the end the improvements appeared to be minor if there
> were any at all.

Thanks very much for that.
I am very hapy to now know that I havn't been wasting my time on this one ;-)

I think that it may be usefull for the misunderstandings between James an
Jed if you would be able to post your objcap projection of the protocol on
the list, as I feel both are missing part of the picture, and having a
view on bot Horton and mailkey would I think possibly help showing in what
subset of Horton's solution set the pure objcap version of mailkey might
be an alternative. For me personally the spam problem is big enough a
subset for me to be happy with mailkey at this moment.

What I think is a problem with mailkey for pure objcap is the fact that
if used 'asymmetrically', a single transfer of accountability ( A->B to
C->B) will result in two persistent proxy objects to go into 'revoked'
state. Thus possibly the most optimistic subset for mailkey would be that
where some form of symmetric transfer is needed.


More information about the cap-talk mailing list