[cap-talk] solve CSRF by making references unforgeable, not unshareable
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Wed Mar 25 19:21:23 EDT 2009
lists at notatla.org.uk wrote:
> David-Sarah Hopwood wrote:
>
>> References are made unforgeable by making valid representations
>> of them either opaque or sparse (unguessable). Representations
>> of SQL queries cannot be made opaque nor sparse.
>
> Can things be opaque or sparse but not both? What would be examples?
A reference in most capability programming languages is opaque, but
its representation as an address is not sparse.

A cryptographic capability representation or a Swiss number is sparse
but not opaque.

There is not much reason to make a capability representation both
opaque and sparse: it would be redundant. However, there is nothing
to prevent it.
--
David-Sarah Hopwood ⚥
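The sparse-versus-dense distinction above, as an added illustration that is not part of the cap-talk post: a capability table keyed by random 128-bit "swiss numbers" next to a table keyed by sequential integer handles (standing in for addresses). The names, the 128-bit width and the sample resources are assumptions of this example.

```python
import secrets

SPARSE_BITS = 128  # assumed width: 2**128 possible values, only a few issued


class SparseCapabilityTable:
    """Sparse representation: a resource is reachable only through an
    unguessable random 'swiss number'. The number is not opaque (any holder
    can read and copy it), but it cannot be forged by guessing."""

    def __init__(self):
        self._table = {}  # swiss number (hex string) -> resource

    def grant(self, resource):
        # secrets.token_hex draws from os.urandom; 16 bytes -> 32 hex chars
        cap = secrets.token_hex(SPARSE_BITS // 8)
        self._table[cap] = resource
        return cap

    def resolve(self, cap):
        # Lookup succeeds only for values actually issued by grant()
        return self._table.get(cap)

    def forgery_probability(self):
        # Chance that one uniformly random guess names an issued capability
        return len(self._table) / 2 ** SPARSE_BITS


class DenseHandleTable:
    """Dense representation: sequential integer handles, like addresses.
    Every value in range names something, so unforgeability cannot come
    from the representation; it has to come from the reference being
    opaque, i.e. not fabricable from an integer at all."""

    def __init__(self):
        self._table = []

    def grant(self, resource):
        self._table.append(resource)
        return len(self._table) - 1

    def resolve(self, handle):
        if 0 <= handle < len(self._table):
            return self._table[handle]
        return None

    def forgery_probability(self):
        # A guess inside the issued range always resolves
        return 1.0 if self._table else 0.0


def count_forged_hits(table, guesses):
    """How many of the supplied guesses resolve to a live resource."""
    return sum(1 for g in guesses if table.resolve(g) is not None)


if __name__ == "__main__":
    sparse, dense = SparseCapabilityTable(), DenseHandleTable()
    for name in ("alice-account", "bob-account"):  # constructed sample resources
        sparse.grant(name)
        dense.grant(name)
    print("dense hits  :", count_forged_hits(dense, range(2)))
    random_guesses = [secrets.token_hex(SPARSE_BITS // 8) for _ in range(1000)]
    print("sparse hits :", count_forged_hits(sparse, random_guesses))
    print("sparse odds :", sparse.forgery_probability())
```

Run stand-alone, the dense table resolves every guess in range while the sparse table resolves none of a thousand random ones; the printed odds show why a sparse representation is safe to hand out in a URL or header, which is the property the thread wants for CSRF-resistant references.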