[cap-talk] 'Destroy' vs 'Sever'
Bill Frantz
frantz at pwpconsult.com
Tue Nov 27 19:36:49 EST 2007
clandau at macslab.com (Charles Landau) on Tuesday, November 27, 2007 wrote:
>The issue is, what should the semantics of Sever be? I claim it
>should be to invalidate all external caps to the object, but not
>change the internal state of the object. So, if it has internal
>references, they need to be preserved. Basically, Sever would be
>defined to have the same semantics as clone and destroy, where the
>clone is done to whatever depth makes semantic sense for the object.

I will note that when a node is severed in KeyKOS, any keys within that
node (internal caps) which designate the node being severed will be
invalidated. It would be a bit more complex in the kernel to make new
keys to the new node. It would be a lot more complex to implement
outside the kernel, using "normal" operations. (It would be about the
same if "key bits" (returns the representation of a key) was available.)

Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier
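
Added example, not part of the original message and not KeyKOS code: a toy model contrasting the two Sever behaviours discussed in this thread, one where every key to the node is invalidated (including keys held inside the node that designate it) and one where external keys are invalidated but internal self-designating keys are reissued. The `Key`, `Node` and `Space` names and the per-node version counter used to invalidate keys are assumptions of the model.

```python
# Toy model, constructed for illustration; not KeyKOS code. A key names a node
# by (id, version); bumping the node's version invalidates every older key.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Key:
    node_id: int
    version: int

@dataclass
class Node:
    node_id: int
    version: int = 0
    slots: list = field(default_factory=list)  # keys held inside this node

class Space:
    def __init__(self):
        self.nodes = {}

    def new_node(self):
        node = Node(len(self.nodes))
        self.nodes[node.node_id] = node
        return node

    def key_to(self, node):
        return Key(node.node_id, node.version)

    def valid(self, key):
        return self.nodes[key.node_id].version == key.version

    def sever_invalidate_all(self, node):
        # Every outstanding key dies, including self-designating keys in slots.
        node.version += 1

    def sever_preserving_internal(self, node):
        # External keys die; self-designating keys in slots are reissued.
        old = self.key_to(node)
        node.version += 1
        node.slots = [self.key_to(node) if k == old else k for k in node.slots]

def demo(sever_name):
    """Return validity of (external key, internal self key, key to other node)."""
    s = Space()
    obj, other = s.new_node(), s.new_node()
    external = s.key_to(obj)
    obj.slots = [s.key_to(obj), s.key_to(other)]
    getattr(s, sever_name)(obj)
    return s.valid(external), s.valid(obj.slots[0]), s.valid(obj.slots[1])
```

In both variants the key to the unrelated node stays valid; only the handling of the internal self-designating key differs.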