[E-Lang] Quantum computing and capabilities
Fri, 2 Feb 2001 11:27:22 -0000
Bill Frantz wrote:
> Sturdy references consist of a vat-id, a swiss-number, and vat location
> hints. The big problem with symmetric-key only-sturdy references is
> verifying the identity of receiving vat. If you share sturdy references,
> any sturdy reference can spoof the object, since it knows the shared
> secret.

Just to clarify this, I think you are saying that if Alice has a
symmetric-key cap for Bob, and passes this symmetric-key cap to Carol,
Carol gets the ability to access Bob, and to be Bob. To avoid this,
Alice must pass Carol a new symmetric-key cap for Bob.

It is ok that Alice can impersonate Bob to Carol. It is within the
definition of capability based security that Alice can introduce Carol
to a Bob of Alice's choosing.

I thought some might be misled by the statement: "The big problem with
symmetric-key only-sturdy references is verifying the identity of
receiving vat." It definitely took me a moment to digest this
distinction when I first learned it. I think this distinction is also
what makes the requirements for capability based security relaxed
enough to permit a symmetric key solution.
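
The distinction drawn in this message, sketched as an added example that is not part of the original thread and is not E's actual protocol. It assumes a holder authenticates its peer by an HMAC-SHA256 challenge-response over the cap's key; `Vat`, `mint_cap`, `prove`, `accepts` and `run_scenario` are hypothetical names.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, nonce: bytes) -> bytes:
    """Answer a challenge; anyone who knows the cap's key can do this."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Vat:
    """Hypothetical vat: maps swiss numbers to per-cap symmetric keys."""

    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}

    def mint_cap(self) -> tuple[str, bytes]:
        swiss, key = secrets.token_hex(16), secrets.token_bytes(32)
        self.keys[swiss] = key
        return swiss, key

    def prove(self, swiss: str, nonce: bytes) -> bytes:
        return respond(self.keys[swiss], nonce)


def accepts(cap: tuple[str, bytes], nonce: bytes, answer: bytes) -> bool:
    """A holder treats the peer as Bob if it proves knowledge of the cap's key."""
    return hmac.compare_digest(respond(cap[1], nonce), answer)


def run_scenario() -> dict[str, bool]:
    bob = Vat()
    nonce = secrets.token_bytes(16)  # constructed challenge
    alice_cap = bob.mint_cap()

    # Case 1: Alice hands Carol a copy of her own cap, so both hold one key.
    carol_cap = alice_cap
    shared = accepts(alice_cap, nonce, respond(carol_cap[1], nonce))

    # Case 2: Alice obtains a new cap for Bob and relays that one to Carol.
    carol_cap = bob.mint_cap()
    fresh = accepts(alice_cap, nonce, respond(carol_cap[1], nonce))
    genuine = accepts(alice_cap, nonce, bob.prove(alice_cap[0], nonce))
    # Alice relayed Carol's cap, so Alice still knows its key.
    alice_copy = carol_cap
    introducer = accepts(carol_cap, nonce, respond(alice_copy[1], nonce))
    return {"carol_as_bob_shared_cap": shared, "carol_as_bob_fresh_cap": fresh,
            "bob_genuine_to_alice": genuine, "alice_as_bob_to_carol": introducer}


if __name__ == "__main__":
    print(run_scenario())
```
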