[E-Lang] Hash Chaining & Capabilities, Proposal #2a: Active Off-Line Messages
Karp, Alan
alan_karp@hp.com
Wed, 18 Oct 2000 17:57:59 -0700
> -----Original Message-----
> From: Mark S. Miller [mailto:markm@caplet.com]
> Sent: Tuesday, October 17, 2000 2:56 PM
> To: E Language Discussions; Nikita Borisov; Adrian Perrig; Dawn Song;
> David Wagner
> Subject: [E-Lang] Hash Chaining & Capabilities, Proposal #2a: Active
> Off-Line Messages
>
> (snip)
>
> 3) The infamous do-not-delegate bit. We need to eradicate this and then
> find a strong cleanser to remove its stench. (For those new to this list,
> see http://www.erights.org/elib/capability/conspire.html .)
Although you can control rights amplification in other ways, I believe this
bit makes it simpler to get it right. There is also the problem of
multi-level security. Since SPKI certificates can be passed out of band, it
is difficult to control their passing between security levels. This bit
reduces the danger of honoring an invalid request.
> (snip)
>
> Hash Chaining Again
>
>
> So let's say that the Certificate's Authorization field contains, not
> <VatID(C), swissNumber(Carol)>, but <VatID(C), hash(swissNumber(Carol))>.
> Since we assume hashes are strongly irreversible, knowledge of
> hash(swissNumber(Carol)) provides no knowledge of swissNumber(Carol), and
> only the latter is a secret that provides authority. This representation
> also makes it easier to see how to interface between the bearer and the
> certificate worlds:
>
This approach seems to solve one of the problems with using SPKI
certificates as capabilities, naming the object. Since there is no control
over where these certificates go, there is no way to revoke them other than
a CRL or time expiration. That means that the name in the certificate cannot
be reused as long as a live certificate may exist. In most systems,
that's a burden, since certificates often have long lifetimes. However, the
(VatID, swissNumber) pair provides sufficient uniquification. Does hashing
them remove the problem of someone in your trust domain issuing a
certificate for one of your objects?
>
> (snip)
>
> More later...
>
> _______________________________________________
> e-lang mailing list
> e-lang@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang
>
_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
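The hashed-designator scheme quoted above, as an added example that is not code from the E project, from Mark Miller, or from Alan Karp. It models a certificate-world name <VatID(C), hash(swissNumber(Carol))> alongside the bearer-world secret swissNumber(Carol), and shows that presenting only the hash buys no authority while the raw secret does. The Vat, Designator, export, invoke and matches names, the Carol class, and the use of SHA-256 as the hash are assumptions made for this illustration.

```python
"""Added example (not code from the E project or from the thread authors).

Models the hashed-designator idea quoted above: a certificate names Carol as
<VatID(C), hash(swissNumber(Carol))>, while only the raw swissNumber confers
authority.  The class and method names below are assumptions made for this
illustration, and SHA-256 stands in for the unspecified hash function.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


def h(data: bytes) -> bytes:
    # One-way hash, assumed "strongly irreversible" as the quoted text requires.
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Designator:
    """Certificate-world name: safe to put in an Authorization field or to pass
    out of band, because it carries only the hash of the secret."""
    vat_id: str
    swiss_hash: bytes

    def matches(self, swiss_number: bytes) -> bool:
        """Bridge between the worlds: does this bearer secret back this name?"""
        return h(swiss_number) == self.swiss_hash


class Vat:
    """Hypothetical vat: maps hash(swissNumber) -> exported object, so the
    secret itself is never stored in the clear on the hosting side."""

    def __init__(self, vat_id: str):
        self.vat_id = vat_id
        self._table: Dict[bytes, object] = {}

    def export(self, obj: object) -> Tuple[bytes, Designator]:
        # 256 fresh random bits per export: names are never reused, which is
        # the uniquification the (VatID, swissNumber) pair is relied on for.
        swiss_number = secrets.token_bytes(32)
        self._table[h(swiss_number)] = obj
        return swiss_number, Designator(self.vat_id, h(swiss_number))

    def invoke(self, vat_id: str, presented: bytes, method: str):
        """Bearer-world invocation: the caller must present the raw swissNumber.
        Presenting its hash (all a certificate holder learns) is rejected."""
        if vat_id != self.vat_id:
            raise PermissionError("designator names a different vat")
        obj = self._table.get(h(presented))
        if obj is None:
            raise PermissionError("no object exported under that secret")
        return getattr(obj, method)()


class Carol:
    """Stand-in for the exported object named in the quoted text."""
    def greet(self) -> str:
        return "hello from Carol"


def demo() -> dict:
    vat_c = Vat("VatID(C)")
    swiss, desig = vat_c.export(Carol())
    results = {}
    # Bob holds the secret: he has authority.
    results["bearer"] = vat_c.invoke(desig.vat_id, swiss, "greet")
    # Mallory holds only the certificate contents: no authority.
    try:
        vat_c.invoke(desig.vat_id, desig.swiss_hash, "greet")
        results["hash_only"] = "granted"
    except PermissionError:
        results["hash_only"] = "denied"
    # The name is bound to the vat; the secret alone does not cross vats.
    try:
        vat_c.invoke("VatID(D)", swiss, "greet")
        results["wrong_vat"] = "granted"
    except PermissionError:
        results["wrong_vat"] = "denied"
    # Interface check: the secret backs the designator, its hash does not.
    results["matches"] = desig.matches(swiss) and not desig.matches(desig.swiss_hash)
    return results


if __name__ == "__main__":
    print(demo())
```

The point the example isolates is the one the quoted passage makes: the certificate can travel anywhere, including out of band, without leaking authority, because the only way to exercise the capability is to present a preimage of the stored hash.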