Announcing Droplets

[Tyler Close]

> By "web walker" I simply meant any program that
> performs link traversal.
>
> SSL doesn't help unless there is also per-client
> access control.  The problem is
> that *any* client can get a connect to *any*
> server over SSL.  SSL gives you
> half-assed link encryption, but no restrictions
> are imposed on the server by
> SSL.  Given an SSL link, the client can still
> request any web page and the
> server will still provide it unless some other
> access control mechanism is in
> place.
>
> So my question is: why can't I just point a web
> bot at your server, download all
> of the pages, and thereby extract the values of
> the 128 bit keys?

For the same reasons that, given the cap for a particular E
object, you can't access all E objects in the Vat.

Sure, the client can request any web page that he knows the
URL for and the server will provide it no questions asked.
The problem is knowing what URL to ask for.

For instance, I've publicly posted the cap for my Mate
object. If you look at the Beach Sex code, the Mate object
has a private data member that points at my secret Person
object, but no public methods for accessing that data
member. How exactly do you propose to get at my Person
object given my Mate object? Like a good capability
environment, the Droplets product only exposes an object's
public methods.

Are you playing devil's advocate to get me to explain in
greater detail or was the above really not obvious?

Tyler