Communicating Conspirators

[Mark S. Miller]

At 11:45 AM 11/23/99 , Ralph Hartley wrote:
 >Suppose before Alice gives Bob a power, she insists that bob let her
 >examine his source code, and verifies that no information Bob receives
 >from Mallet can ever affect Bob's use of the power. This example
 >violates your other assumption ...

This example does indeed violate an assumption -- the assumption that is the 
whole premise of the thread.  This thread is named "Communicating 
Conspirators" specifically in reaction to 
http://www.erights.org/elib/capability/conspire.html rather than 
http://www.erights.org/elib/capability/confinement.html .  Ralph, the claim 
I took you to be challenging is the claim on the first of these links -- 
that *if* Alice is not in a position to confine Bob, or be assured that Bob is 
confined, *then* she cannot prevent Bob from further delegating this power 
to Mallet.  On the second link we concede -- indeed we proudly proclaim -- 
that if Bob can be confined to Alice's satisfaction, then Alice can indeed 
be confident that Bob cannot delegate the power to Mallet.  Your example 
above is a means of implementing confinement.  It is actually fairly close to 
the "auditor" technique E uses for confinement.

We further claim http://www.erights.org/elib/capability/dist-confine.html 
that there are severe limitation on the conditions under which Alice can 
obtain confidence of Bob's confinement.  I suspect that this may be where 
the substantive disagreement lies.

In any case, I hope you are correct that our claims may be narrow enough to 
be correct.  I would not have it otherwise.  Let us stay on track wrt what 
narrow claims we are making that you are trying to refute.


         Cheers,
         --MarkM