Comments on FC00 paper

Mark S. Miller markm@caplet.com
Mon, 01 Nov 1999 16:55:14 -0800


At 03:31 PM 11/1/99 , Marc Stiegler wrote:
>...the thing used as a public key is really a write
>authority, ...
>For me personally, talking about it as write-authority ... is
>much clearer than talking about it as a public-key-encryption analogy. ...

I believe there's a fatal problem with this approach.  The seal operation 
doesn't *write* anything -- it is completely side effect free.  As is the 
unseal operation.  The seal operation *creates* something that only the 
unseal operation (with the corresponding unsealer) can read.  So what did 
my previous message mean about an encryption key being "write authority on 
a virtual communication channel"?  Creating sealed envelopes and tossing 
them into a broadcast medium is effectively writing the communications 
channel represented by the unsealer's ability to unseal, since the traffic 
is opaque to everyone else.  The only object we can be said to be 
"writing", this virtual communications channel, is not reified as an 
object.  I think it would be disastrous to lead with this explanatory 
direction.

Btw, two other explanations of logically equivalent sealer/unsealer notions 
are available electronically:

Dean's ftp://www.agorics.com/pub1/agorics/postscript/MANUAL.B17.ps.Z

and Rees's http://www.mumble.net/jar/pubs/secureos2.html

Perhaps we can borrow some of their explanation?


         Cheers,
         --MarkM