[E-Lang] Re: Hash Chaining & Capabilities, Proposal #2d: Deputizing Remote Vats

[Nikita Borisov]

"Mark S. Miller" writes:
>(Alan and Bill, you guys are the most qualified to address this 
>questionable assumption, as you've both been heavily involved in engineering 
>efforts with similar goals on both sides of this coin.  (E-Speak 2.2 vs 
>E-Speak 3.0/SPKI; Indra & Pluribus vs SPKI).  Is there a compelling 
>need for off-line certificates?  Do they address a real problem?)

While I cannot offer as much experience, I have my own personal
motivations for offline certificates, which are scalability and
vulnerability to attack.  In the context of vats and capabilities, an
online protocol requires VatA to participate in every exercise of the
capability; this may be impractical if Alice hands a capability to Bob
to a large number of people.  The vulnerability argument says that since
VatA has the power P, an attack on VatA results in compromise of P.  If
P is highly sensitive, Alice might want to ensure that VatA is always
under her physical control (eg. laptop), which precludes it from being
always online.  Offline certificates allow Alice to create an online
agent and give it a *restriction* of P.  In some systems, a "vat" with
the power P *never* has to be online (e.g. in DNSSEC, the signature key
can be kept in a vault, and the signatures it generates can be
transferred to an online server on a flopppy), although I'm not sure
whether the same is true in the context of capabilities.

- Nikita