Communicating Conspirators

Ralph Hartley hartley@AIC.NRL.Navy.Mil
Tue, 23 Nov 1999 14:45:20 -0500


> >> Actually, we are making a more radical claim, which is that non-transferable
> >> powers do not exist.
> >
> >I understood this from the beginning, but was giving you the benefit
> >of the doubt. That is indeed a radical claim, it's false, but it is
> >radical. As the maker of a radical claim, I assume you know where the
> >burden of proof lies? Given the ease of finding counter examples, I
> >don't think you can possibly prove that without making so many
> >assumptions (for instance by restricting your definition of "power" to
> >mean "secret",

or something equally restrictive,

> > of course you can't keep someone from passing a secret
> >to someone he can communicate with) that the claim becomes practically
> >meaningless.
> 
> We don't define power to mean "secret", we define it to mean the right to
> direct the action of some object. Secrets are merely a means of implementing
> this idea.

Your definition is still way too narrow. (By the way, you must mean
the ABILITY not the right, or your arguments would not lead to your
conclusions.) There are to many things people need to do (and can do),
even in terms of computer security, were the notion of identity
matters.

Even a program has an identity. Verifying identity may be tricky, but
it isn't impossible. Even "biometrics" can be used on programs. A
cryptographic signature for the programs code is the digital
equivalent of a fingerprint.

> Given that what I stated is a non-existence claim, it is of course
> impossible to prove, though it may be disproved by a counterexample. 

This isn't the Lock Ness Monster we're talking about here.
Nonexistence proofs are the bread and butter of anything theoretical.
Radical claims do not loose their substantial burden of proof just
because they are stated in nonexistence terms.

> Though you
> say that finding counterexamples is easy, I haven't seen a counterexample yet.
> I'd actually like to see a counterexample, because if you are right it gives us
> a leverage point to do some other interesting things. 

I don't think I will ever come up with one for which you cannot say
"Oh, that's outside the domain of discussion." Given your narrow
definition of a power, and your assumption that the actors are
abstract entities that interact only by sending messages, and maybe a
few other assumptions I haven't noticed yet, your conclusions may
actually be correct.

Suppose before Alice gives Bob a power, she insists that bob let her
examine his source code, and verifies that no information Bob receives
from Mallet can ever affect Bob's use of the power. This example
violates your other assumption (it only works for programs not for
abstract entities), but it is not idle speculation. Consider how Java
uses it's byte code verifier to enforce its security policies.

> But of course I think I'm
> right, else I wouldn't be here arguing the point with you :-)

Contrariwise

Ralph Hartley