[cap-talk] Webkeys vs. the web
Karp, Alan H
alan.karp at hp.com
Thu Apr 2 11:08:56 EDT 2009
Raoul Duke wrote:
> i assume i am missing some nuance or obvious thing as i usually do,
> because it still feels to me like things are at odds: on the one hand
> they "can be shared" but on the other hand it seems like the desire is
> for the UI to make them /not/ shared.
As much as we might like to share webkeys as easily as we share URLs, I contend that we can't because people aren't used to thinking of URLs as carrying authority.
> why is it that the UI strives to make them not shared?
Because people have developed patterns for sharing URLs that are incompatible with the security implicit in sharing webkeys.
> if they really are sharable, then i assume that means they are caps
> that do not require further authentication, which to me means they are
> too scary powerful to actually have going around like that, because
> somebody could leave the DoD laptop on the train by accident and then
> somebody else wakes it from sleep and has bookmarks for all sorts of
That's certainly one danger, but not the one that concerns me. I'm more worried about someone sending a link to a page that contains a powerful webkey.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
More information about the cap-talk