Mark S. Miller
Mon, 15 Nov 1999 11:55:15 -0800
At 08:07 AM 11/12/99 , Ralph Hartley wrote:
>This is an assumption that you hadn't stated before. It is a strong
>assumption, which rules out much of what people use computers for.
>If your security model can't deal with real locks and doors what good
>is it? Must we have another security model for securing non
>computational things? If so that model needs to include computational
>security as a proper subset.
Ralph, this is a fascinating point, and approaches the issue from an angle I
haven't encountered before. I think it's a real contribution. If it's
alright with you, may I forward our conversation to date to the e-lang list,
and continue the conversation on that list? There are many bright minds on
that list, some of whom have their own challenges to the capability view --
some from a crypto perspective, some from an OS perspective, but none so far
from an interfacing-with-the-physical-world perspective. There are also
bright minds on that list who defend the capability view from perspectives
different from mine. I think it would be a fascinating discussion. Even if
you say no, thank you for raising a fascinating issue.
The ongoing archives of the list are at
http://www.eros-os.org/~majordomo/e-lang/index.html . To subscribe to the
list, send a message to email@example.com whose body consists of
Now that you've raised it, in retrospect it's a bit surprising that we
hadn't seen it. Our starting vision in many respects is Nick Szabo's Smart
Contracts http://www.best.com/~szabo , and Nick has also been explaining &
promoting a close cousin: Smart Property. This latter is Smart Contracts
embodied in the behavior of physical objects, like a car that refuses to
start if the owner misses too many payments. While I was aware of this,
until your note, it hadn't struck me that there might be security
architecture issues in supporting it.