[cap-talk] Concrete comparable use cases

Bill Frantz frantz at pwpconsult.com
Wed Mar 19 03:47:16 EDT 2008


erights at gmail.com (Mark Miller) on Tuesday, March 18, 2008 wrote:

>On Tue, Mar 18, 2008 at 6:31 PM, Pierre THIERRY
><nowhere.man at levallois.eu.org> wrote:
>>  For example, to the best of my knowledge, no mainstream ACL system has
>>  to deal with chains of delegation. [...]
>
>Hi Pierre, I think these are excellent points, and I agree. SPKI does
>handle delegation chains. It does so by means that lie somewhere between
>the ACL and ocap paradigms.

Yes. Because the SPKI certificates are public, delegation goes to a
specific key, and that delegation is signed by the delegator. With
the public keys for all the certificates in the delegation chain,
the verifier can verify the validity of each certificate. It
doesn't matter how the delegatee gets the certificate; no man in
the middle can make use of it.

Compare SPKI to object capabilities, where delegation can only be
secure against a man in the middle by using a direct communication
path.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032
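
The chain check described in the message above, as an added example that is not part of the original post or of any SPKI implementation: each certificate names one subject key and is signed by the delegator, and the verifier finally requires the request itself to be signed by the last subject's key. Assumptions: Ed25519 keys, a simplified `Cert` struct in place of SPKI's certificate syntax, exact tag matching, and no validity dates.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Cert (simplified, not SPKI syntax): Issuer grants the right Tag to the key Subject.
type Cert struct {
	Issuer, Subject ed25519.PublicKey
	Tag             string
	Sig             []byte // Issuer's signature over Subject || Tag
}

// body is the signed content; Subject has a fixed length, so the join is unambiguous.
func body(subject ed25519.PublicKey, tag string) []byte {
	return append(append([]byte{}, subject...), tag...)
}

// Delegate issues a certificate from the issuer's key to one specific subject key.
func Delegate(issuer ed25519.PrivateKey, subject ed25519.PublicKey, tag string) Cert {
	pub := issuer.Public().(ed25519.PublicKey)
	return Cert{pub, subject, tag, ed25519.Sign(issuer, body(subject, tag))}
}

// VerifyChain walks the chain from the resource owner's key to the requester.
func VerifyChain(root ed25519.PublicKey, chain []Cert, tag string, req, reqSig []byte) error {
	holder := root
	for i, c := range chain {
		ok := bytes.Equal(c.Issuer, holder) && c.Tag == tag &&
			ed25519.Verify(c.Issuer, body(c.Subject, c.Tag), c.Sig)
		if !ok {
			return fmt.Errorf("cert %d: wrong issuer, tag or signature", i)
		}
		holder = c.Subject
	}
	// Certificates are public; only the last subject's private key can sign the request.
	if !ed25519.Verify(holder, req, reqSig) {
		return fmt.Errorf("request not signed by the final delegatee key")
	}
	return nil
}

func main() { // constructed keys: owner delegates "read" to bob's key; bob signs the request
	ownerPub, owner, _ := ed25519.GenerateKey(nil)
	bobPub, bob, _ := ed25519.GenerateKey(nil)
	chain, req := []Cert{Delegate(owner, bobPub, "read")}, []byte("GET /docs/a")
	fmt.Println(VerifyChain(ownerPub, chain, "read", req, ed25519.Sign(bob, req)))
}
```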
