[E-Lang] Quantum computing and capabilities
Thu, 01 Feb 2001 15:30:38 -0800
At 12:06 PM 2/1/01 -0800, email@example.com wrote:
>Looking at the Granovetter diagram at
>http://www.erights.org/elib/capability/ode/index.html, I wonder how
>much E needs public key cryptography? Could it get by with only
>symmetric crypto, with symmetric keys embedded in the capabilities?
And Mark Miller wrote:
>In deploying any cryptosystem, initial connectivity is bootstrapped via
>(hopefully) trustworthy channels in previous media, such as sharing of PGP
>keys on business cards at parties (with physical meat presence), or sending
>"cap:" URI strings over PGP encrypted email. The power of cryptography, at
>least from a capability point of view, is to then continue to have trusted
>interaction in the new medium, leveraging only the *initial* connectivity of
>the old medium.
Note that sturdy references can't be passed in PGP messages because PGP
depends on public key for its security. :-( We may be back to Vinge's,
send three messengers and xor their three sets of data to get the real
Mark also posted a link to Unibus:
which describes the Granovetter diagram in a symmetric key system.
Sturdy references consist of a vat-id, a swiss-number, and vat location
hints. The bit problem with symmetric-key only-sturdy references is
verifying the identity of receiving vat. If you share sturdy references,
any sturdy reference can spoof the object, since it knows the shared secret.
If each sturdy reference has a unique key, and they are not shared between
uses then the logic in the Unibus protocol will work. This means that each
time you want to hand out a sturdy reference, you must get a new one with a
new secret key, resulting in a possible explosion of secret key storage.