[cap-talk] password capabilities & object capability model?
Tony Bartoletti
azb at llnl.gov
Thu Aug 21 13:48:50 CDT 2008
At 10:06 AM 8/21/2008, zooko wrote:
>On Aug 21, 2008, at 10:22 AM, Mark Miller wrote:
>
> > I consider an unguessable swiss number to be a simple form of
> > crypto -- perhaps the simplest form.
>
>Me too, so I wouldn't hesitate to call such a system a "crypto cap"
>system. However, I would be alert to the possibility that the hearer
>might mistakenly think this implies use of encryption,
>authentication, or public key operations, so I might want to clarify
>that I mean only unguessability.
Pardon a degree of ignorance on my part - is "unguessable swiss
number" simply a large and randomly generated value, or does "swiss"
imply something more (something embedded, ala hash,
modulus...)? Does the usage "sparse" as in "sparse capabilities"
imply that protection revolves critically around strong
unguessability? If so, then I vote for "sparce" as a descriptor (or
... "swiss-cap", but too provincial...)
I was thinking "secure-cap" ("seccap"?) as a generalization -
(may/may-not involve "crytography" per se) but this may be too broad
an umbrella...
Cheers! ____tony____ <---(obsesses on terminology...)
Tony Bartoletti 925-422-3881 <azb at llnl.gov>
Cyber Security Research and Development
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900
More information about the cap-talk
mailing list