Seeking designs for a capabilities-based multi-user system

Marc Stiegler marcs@skyhunter.com
Fri, 21 Jul 2000 08:12:05 -0700 

Steven,

A couple of brief comments:

>      I just joined the e-lang list, so I thought I'd say hello.
> Mostly I suspect I'll be fairly quiet - crypto is more of a spectator
> sport to me, I can't keep up with the math.

I myself find the logic of using public keys for signatures and
certification just twisty enough so that on an ordinary day I don't
understand it--if I have to understand it for some reason (a rare occurrence
in my life, and an occurrence that never happens when I am just a user of
the E language), I have to study it again. One of the points and joys of E
is you don't need to know the math to do the crypto, the platform does it
for you, and the connections are automatically secure.


> like MOO, particularly when the limits are really pushed.  One thing
> that fascinated me about LambdaMOO back in 1992-94 was the sense of a
> really interesting and somewhat unexpected things being developed,
> particularly in the area of blurring of the line between the client
> and the server.

Since E is peer-to-peer, anyone locked into a client/server paradigm would
find the distribution of computing in an E software system uncomfortably
"blurred" and perhaps even "undisciplined". But it is in fact neither
blurred nor undisciplined, it is merely a different discipline, a discipline
which is gentler in terms of picking a machine that can be computationally
enabled to do part of the job (any computer you can get your hands on is
often a fine pick), but stricter in terms of the security features you have
to consider (what machine do you really trust to do that computation--the
answer is simple only if you have physical control of all the computers in
the system, then you can trust them all). To some extent, client/server
simplifies your security considerations by putting you in a straitjacket
with so few choices--you know you have to trust the server and you know you
can't trust the client even if you could enable it to do the computation,
which you usually can't.

--marcs