[E-Lang] Re: Old Security Myths Continue to Mislead

[Jonathan S. Shapiro]

> Even though all messages passed through the core, the core never looked at
> the payloads.  Hence, confinement ala Lampson was not enforced.
Capability
> confinement could have been enforced using a mechanism in the design that
we
> did not get a chance to implement.

Examining the payloads is not required. The core must only validate that the
sender holds a valid capability to the receiver. This is a common
misunderstanding of confinement. Go back and look at Lampson again.

Jonathan