[cap-talk] Webkeys vs. the web
Karp, Alan H
alan.karp at hp.com
Thu Apr 2 11:08:56 EDT 2009
Raoul Duke wrote:
>
> i assume i am missing some nuance or obvious thing as i usually do,
> because it still feels to me like things are at odds: on the one hand
> they "can be shared" but on the other hand it seems like the desire is
> for the UI to make them /not/ shared.
As much as we might like to share webkeys as easily as we share URLs, I contend that we can't because people aren't used to thinking of URLs as carrying authority.
>
> why is it that the UI strives to make them not shared?
>
Because people have developed patterns for sharing URLs that are incompatible with the security implicit in sharing webkeys.
>
> if they really are sharable, then i assume that means they are caps
> that do not require further authentication, which to me means they are
> too scary powerful to actually have going around like that, because
> somebody could leave the DoD laptop on the train by accident and then
> somebody else wakes it from sleep and has bookmarks for all sorts of
> trouble?
>
That's certainly one danger, but not the one that concerns me. I'm more worried about someone sending a link to a page that contains a powerful webkey.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list