[cap-talk] Webkeys vs. the web, problem #2

Tyler Close tyler.close at gmail.com
Mon Mar 23 01:03:57 EDT 2009


On Sun, Mar 22, 2009 at 4:06 PM, Chip Morningstar <chip at fudco.com> wrote:
> However, to get directly from the public view to the members' view would seem
> to require some kind of under the hood slight of hand that feels very
> non-capability like.

It sounds like you're asking for rights amplification. We do that with
capabilities.

I actually discussed this scenario in the Google talk I did ages ago:

http://video.google.com/videoplay?docid=8799856896828158583

The public view could contain a web-key for a sealed box containing
the web-key for the members-only functions. We just need a convenient
and safe GUI for doing the unseal operation. My current favorite is a
bookmarklet holding the user's unsealer. When viewing the public view,
the user may click the bookmarklet, which unseals the referenced box
and either redirects the browser to the web-key in the box, or adds
functionality to the current page. Unlike the cookie solution
discussed in your previous email, this one is not vulnerable to
clickjacking, since the rights amplification is not automatic and can
only be triggered by a click in the browser chrome, which an attacker
cannot make transparent.

When I've proposed this in the past, people have asserted that users
wont understand it. Seems simple enough to me, but perhaps not. I
suppose we'll just have to try it out and see what happens.

--Tyler


More information about the cap-talk mailing list