Communicating Conspirators

Mark S. Miller
Mon, 15 Nov 1999 11:55:15 -0800

At 08:07 AM 11/12/99 , Ralph Hartley wrote:
>This is an assumption that you hadn't stated before. It is a strong
>assumption, which rules out much of what people use computers for.
>If your security model can't deal with real locks and doors what good
>is it? Must we have another security model for securing non
>computational things? If so that model needs to include computational
>security as a proper subset.

Ralph, this is a fascinating point, and approaches the issue from an angle I 
haven't encountered before.  I think it's a real contribution.  If it's 
alright with you, may I forward our conversation to date to the e-lang list, 
and continue the conversation on that list?  There are many bright minds on 
that list, some of whom have their own challenges to the capability view -- 
some from a crypto perspective, some from an OS perspective, but none so far 
from an interfacing-with-the-physical-world perspective.  There are also 
bright minds on that list who defend the capability view from perspectives 
different from mine.  I think it would be a fascinating discussion.  Even if 
you say no, thank you for raising a fascinating issue.

The ongoing archives of the list are at .  To subscribe to the 
list, send a message to whose body consists of 
"subscribe e-lang".

Now that you've raised it, in retrospect it's a bit surprising that we 
hadn't seen it.  Our starting vision in many respects is Nick Szabo's Smart 
Contracts , and Nick has also been explaining & 
promoting a close cousin: Smart Property.  This latter is Smart Contracts 
embodied in the behavior of physical objects, like a car that refuses to 
start if the owner misses too many payments.  While I was aware of this, 
until your note, it hadn't struck me that there might be security 
architecture issues in supporting it.