[cap-talk] Alice Frames Carol (was: horton questions)
Peter Amstutz
tetron at interreality.org
Tue Jun 12 15:00:02 EDT 2007
On Sun, Jun 10, 2007 at 11:39:05PM -0700, Mark S. Miller wrote:
> The code on each page is a minor variation on the previous, with the changes
> marked. It illustrates the following brief explanation in the Horton paper:
>
> Carol's S2 should at least gift-wrap S3 so only Bob
> can unwrap it. Could we simply use the seal/unseal
> operations of Bob's who/be pair as the wrap/unwrap
> functions? Unfortunately, this would still enable Alice
> to give Bob a gift allegedly from Carol, but which
> Bob unwraps to obtain a faux S3 created by Alice.
>
> Does this page help clarify this explanation?
>
> Thanks for raising this!
Yes, I understand the reasoning now, and I think part of my
misunderstanding is that I'm working from a slightly different set of
assumptions: I assume that the capability includes both a public,
self-authenticating portion (a public key) in addition to the actual
private object capability string. In that case, if Carol digitally
signs the capability before sealing it and passing it to Alice, Bob
knows that a) no one but him knows the capability, because only he can
unseal it and b) the capability must have come from Carol, because only
Carol could have signed it.
I see how in a system that doesn't use public key cryptography, this
might need to work sightly differently.
--
[ Peter Amstutz ][ tetron at interreality.org ][ peter.amstutz at gdit.com ]
[Lead Programmer][Interreality Project][Virtual Reality for the Internet]
[ VOS: Next Generation Internet Communication][ http://interreality.org ]
[ http://interreality.org/~tetron ][ pgpkey: pgpkeys.mit.edu 18C21DF7 ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://www.eros-os.org/pipermail/cap-talk/attachments/20070612/338e9c54/attachment.bin
More information about the cap-talk
mailing list