[cap-talk] Delegating Responsibility in Digital Systems: Horton's "Who Done It?"
Karp, Alan H
alan.karp at hp.com
Thu May 17 11:58:13 EDT 2007
Rob Meijer wrote:
>
> In my e-mail capkey project, both Bob and Carol would supply
> Alice wit a
> reasonable amount of 'introduction' references.
> If Alice wants to introduce Bob and Carol, she would choose an unused
> introduction reference of both Bob and Carol, and use it to send Bob a
> message with the introduction reference to Carol, and to send Carol a
> message with the introduction reference to Bob.
> Alice would than step out of the loop, and Bob and Carol
> could use their
> mutual introduction chanels to send each other the appropriate
> references.
>
If you're not careful, Alice can make Bob think that she is Carol or
Carol think that Alice is Bob. I think your protocol has this flaw.
The reason Alice stays in the picture in Horton is to provide a known
path by which Carol can pass to Bob an unspoofable reference to herself.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Rob Meijer
> Sent: Thursday, May 17, 2007 1:38 AM
> To: General discussions concerning capability systems.
> Cc: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Delegating Responsibility in Digital
> Systems: Horton's "Who Done It?"
>
> On Wed, May 16, 2007 04:04, Mark S. Miller wrote:
> > Jed Donnelley, Alan Karp, and I would like your comments on
> our draft
> > paper
> >
> > Delegating Responsibility in Digital Systems:
> > Horton's "Who Done It?"
> >
> > found at <http://www.erights.org/download/horton/document.pdf>
> >
> > We plan to submit it to USENIX HotSec 07 (Hot Topics in Security)
> > http://www.usenix.org/events/hotsec07/cfp/
> > which has a five page limit. Submission deadline is 6/1/2007.
> >
> > We think this paper is important. Your comments and
> suggestions will be
> > greatly appreciated. Thanks!
> >
>
> With my unfortunately slowly ongoing work on the e-mail
> capkey tools as
> anti spam measure, I am going at an almost similar issue in a somewhat
> different way, and reading your paper I wondered if the two would be
> equivalent.
>
> In my e-mail capkey project, both Bob and Carol would supply
> Alice wit a
> reasonable amount of 'introduction' references.
> If Alice wants to introduce Bob and Carol, she would choose an unused
> introduction reference of both Bob and Carol, and use it to send Bob a
> message with the introduction reference to Carol, and to send Carol a
> message with the introduction reference to Bob.
> Alice would than step out of the loop, and Bob and Carol
> could use their
> mutual introduction chanels to send each other the appropriate
> references.
>
> I would be interested to learn if this would be equivalent to
> Horton, or
> if there are important shortcommings to this alternative. If
> so should I
> switch
> to trying to use Horton instead? If not, wouldn't taking
> Alice out of the
> loop early like this have major advantages?
>
> Rob
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
More information about the cap-talk
mailing list