Communicating Conspirators

Chip Morningstar
Thu, 18 Nov 1999 16:33:00 -0800 (PST)

Paul sez:
>Chip wrote:
>>Credentials, however, are not capabilities.  A credential represents a claim
>>about a particular entity, and this claim cannot be made to apply to a
>>different entity, just as in the college diploma example cited above. Moreover,
>>I need to be able to present a credential to others in order for it to be of
>>any use to me, and this would make no sense if by the process of presenting a
>>credential to someone else they also acquired use of it. Presenting a
>>credential thus must be a procedure more like a public-key signature
>>verification than like a pointer pass. In presenting a credential I do not
>>transfer a power but merely prove some property about me to the entity I am
>>communicating with.
>This sounds to me like proof-carrying code.
>Any thoughts as to the costs/benefits/semantics of combining capabilities with
>proof-carrying code?

If I understand correctly what proof-carrying code is, it deals with the case
where I give you some code to execute that carries with it some promise about
what it will or won't do. This is a useful thing and is certainly a part of the
computational world I would like to see us have. However, what I was talking
about was the case where you and I are interacting only by message passing and
you are trying to decide whether or not you want to pass me a pointer to some
special power that you possess.