[cap-talk] Rich Sharing and Clusterken videos come to YouTube
James A. Donald
jamesd at echeque.com
Wed Mar 14 20:57:43 PDT 2012
On 2012-03-15 10:30 AM, Toby Murray wrote:
> Trawling the other videos Marc has posted to youtube, I quite enjoyed
> the following:
>
> "Security Myth Debunkers: Can People Manage Fine Grain Privileges?"
> http://www.youtube.com/watch?v=mjBG2r34jvo
>
> (Best watched after the PubShare one.)
One obvious problem: Fine grain authorities are interesting only if you
pass them around. Your browser and your email will cheerfully report
these authorities to all and sundry, not knowing an authority that
should be world readable, because you usually want as much audience as
possible, from an authority that should not be.
To pass around authorities between programs written by different people
with conflicting interests we need an operating system that is
internally different from what we have, though look pretty much the same
to the humans using it and the programs running under it.
To pass around authorities between people, as in the example given in
the you tube video, we need a browser and email system significantly
different from what we have.
Since a browser is an enormous chunk of software, need to somehow wrap
the browser, so that the browser sees petnames for valued authorities
that should not be known to the world, therefore cannot rat them out.
And of course, need to communicate securely with people: each person has
to be represented by numerous write only authorities to his read only
queue, which ultimately means we have to represent people using Zooko's
triangle.
More information about the cap-talk
mailing list