Split Capabilities: Making Capabilities Scale

[Mark S. Miller]

At 04:22 PM 7/3/00 , Norman Hardy wrote:
> >> Capabilities are a bit like floating point values. ... Many (most?)
> >> capabilities were created, passed, used and then discarded in
> >> less than a second. ...
> >
> >Many cryptographically secure capabilities are not lightweight enough to be
> >treated so cavalierly. ...
>
>I agree that crypto capabilities are expensive to produce, but that may be
>reason to postpone creating them until they are actually needed. 

I don't.  In E, we indeed treat cryptographic capabilities in the 
lightweight and disposable fashion Norm describes as the KeyKOS style.  In a 
previous message I explained what the representation costs of an E 
capability are.  Whether these costs are cheap enough to justify this 
style, I leave to y'all to judge.  If you need other cost info, I'll be 
happy to provide it.  But please don't assume SPKI is representative of the 
costs of cryptographic capabilities.


         Cheers,
         --MarkM