[cap-talk] Confused Deputies in Capability Systems
Karp, Alan H
alan.karp at hp.com
Fri Feb 6 16:38:58 EST 2009
Toby Murray wrote:
>
> Consider the final example from
> http://www.comlab.ox.ac.uk/people/toby.murray/papers/NDA.pdf in which
> users use non-delegatable authority provided by a "credential"
> capability to access classified networks via routers who are supposed
> to
> check the authenticity of such credentials before relying on them.
> Suppose a router fails to authenticate a credential. Then in a very
> strict sense, it could be considered a confused deputy.
>
Allowing access with a potentially forged credential is a bug, not a confused deputy.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list