Communicating Conspirators

Chip Morningstar chip@communities.com
Thu, 18 Nov 1999 16:05:05 -0800 (PST)


Bill Frantz sez:
>At 03:37 PM 11/18/1999 -0800, Chip Morningstar wrote:
>>Capabilities and credentials can be combined, to create a something like a
>>non-transferable capability, in the sense of a capability that is of no use
>>unless its holder can also simultaneously engage in a credential verification
>>protocol as me. In particular, I can give this capability to someone else to
>>hold onto and then forget about it myself, knowing that (A) they won't be
>able
>>to do anything with it, and (B) if they give it back to me at some future
>time,
>>I will still be able to use it. All of this hinges, of course, on my keeping
>>some secret that I never disclose to anyone which is the secret I use in the
>>credential verification protocol. This secret, in essence, is my identity.
>
>This sounds like Rights Amplification, where holding two capabilities is
>more powerful than either one alone.  (In your case, either one alone would
>offer effectively no authority.)  
>
>http://www.erights.org/elib/capability/ode/ode-capabilities.html#rights-amp

In terms of mechanism, you're completely correct.

However, I'm still also pondering (not to any particular conclusion as
yet, alas) how to "go meta" so that we can, as I said, communicate
*about* capabilities without communicating the capabilities
themselves. In other words, just because we have a mechanism that lets
us do credentialing doesn't necessarily imply that we have a clue
about what the best way to employ it is.