[cap-talk] solve CSRF by making references unforgeable, not unshareable
Karp, Alan H
alan.karp at hp.com
Wed Mar 25 20:31:34 EDT 2009
David-Sarah Hopwood wrote:
>
> There is not much reason to make a capability representation both
> opaque and sparse: it would be redundant. However, there is nothing
> to prevent it.
>
One of Jed Donnelley's systems (DCCS?) encrypted sparse capabilities with a key not available to the process holding them in order to prevent leakage when people read dumps.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list