[cap-talk] NDAs
Charles Landau
clandau at macslab.com
Fri Jun 5 19:10:45 EDT 2009
Toby Murray wrote:
> As a side note, I realised recently that NDAs can be built in /any/
> object-capability system. One simply uses randomly generated nonces that
> are rescinded upon presentation to simulate EROS/KeyKOS style "resume"
> keys. The argument then proceeds exactly as in the case of EROS which is
> discussed in the last paragraph of Section 1 in
> http://www.comlab.ox.ac.uk/people/toby.murray/papers/NDA.pdf .
I don't follow this argument. The cited paragraph doesn't say that
"resume" keys cannot be delegated. It says that in EROS a general
authority to reply [to any current or future caller] cannot be
delegated. The reason is that it cannot be built. In KeyKOS/EROS/CapROS,
any authority that can be built can be delegated.
More information about the cap-talk
mailing list