[E-Lang] Re: Old Security Myths Continue to Mislead
Jonathan S. Shapiro
shap@eros-os.org
Tue, 7 Aug 2001 15:41:17 -0400
[Norm forgot to cc e-lang]
> >A case could be made that mediation by the OS is ineffective if capabilities
> >are cryptographic or sparse. This argument is wrong because of the
> >feasibility of proxying. The discussion could benefit by noting this.
>
> I am not sure what proxies have to do with this.
Because I can proxy across a data-only communication path, it is possible to
stop the transfer of capabilities but not the transfer of de-facto
authority. Therefore, the inability of a mediator to detect the transfer of
cryptographic capabilities does not result in any increase of de facto
authority transfer across the interface -- the transfer was possible anyway.
> >Karger, by the way, later claimed in his dissertation that capability
> >systems could not enforce confinement...
> >
>
> I feel incompetent to write on papers that I have not read in over 20 years.
I sympathize. Regrettably, Paul's thesis is not online. The Boebert and Kain
paper is online as postscript or PDF somewhere in the security papers
archive, but I do not have a URL.
shap
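
The proxying argument in the message above, as an added example that is not part of the original post: a mediator that lets only data cross blocks the object reference, yet the holder can proxy requests, so passing a sparse capability as bytes grants nothing the proxy did not already grant. Counter, DataOnlyChannel, Alice and the registry are hypothetical names constructed for the illustration.

```python
import secrets

class Counter:
    """Constructed stand-in for a resource reachable only through a capability."""
    def __init__(self):
        self.value = 0
    def increment(self):
        self.value += 1
        return self.value

class DataOnlyChannel:
    """Hypothetical mediator: bytes may cross, object references may not."""
    def __init__(self, handler):
        self._handler = handler
    def send(self, msg):
        if not isinstance(msg, bytes):
            raise TypeError("mediator: only data may cross this interface")
        reply = self._handler(msg)
        if not isinstance(reply, bytes):
            raise TypeError("mediator: only data may cross this interface")
        return reply

class Alice:
    """Holds the capability on the far side of the channel."""
    def __init__(self, cap, registry):
        self._cap = cap
        self.proxying = True
        self._token = secrets.token_bytes(16)  # sparse capability: unguessable bits
        registry[self._token] = cap
    def handle(self, msg):
        if msg == b"give-object":
            return self._cap    # true capability transfer: the mediator blocks it
        if msg == b"give-token":
            return self._token  # sparse capability: indistinguishable from data
        if msg == b"increment" and self.proxying:
            return str(self._cap.increment()).encode()  # proxy: act on the caller's behalf
        return b"refused"

def demo():
    registry = {}               # assumed system-wide lookup for sparse capabilities
    alice = Alice(Counter(), registry)
    chan = DataOnlyChannel(alice.handle)
    try:
        chan.send(b"give-object")
        object_crossed = True
    except TypeError:
        object_crossed = False
    via_proxy = chan.send(b"increment")  # authority exercised without holding the capability
    via_token = registry[chan.send(b"give-token")].increment()  # same authority via sparse cap
    alice.proxying = False               # the proxy path ends when the holder stops relaying
    return object_crossed, via_proxy, via_token, chan.send(b"increment")
```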