[E-Lang] Irreversible delegation, was: draft statement of con sensus

Karp, Alan alan_karp@hp.com
Fri, 9 Feb 2001 08:24:43 -0800


I have no problem including item 2 unchanged.  

As I stated in my note, I have not been able to find a scenario that covers
the case in question.  In addition, I have found no compelling example of
how Alice could benefit could she enforce this rule.  That would only be the
case if I could turn the story around.  Even then, "prevent" is in the weak
sense that Bob has no incentive to cheat.  That's quite different from the
use of "prevent" in the cited example.

_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
 

> -----Original Message-----
> From: Marc Stiegler [mailto:marcs@skyhunter.com]
> Sent: Thursday, February 08, 2001 8:40 PM
> To: Karp, Alan; hal@finney.org; markm@caplet.com
> Cc: e-lang@eros.cis.upenn.edu
> Subject: Re: [E-Lang] Irreversible delegation, was: draft statement of
> consensus
> 
> 
> Since this discussion seems to be taking multiple turns, I 
> will, unless a
> miracle occurs, invoke the procedure I spelled out several 
> days ago, and
> remove item 2 from the Statement of Consensus which I will be formally
> publishing tomorrow. Any resolution on this discussion can be 
> included in a
> future Statement.
> 
> Uh, the definition of a "miracle" would, I think, be that 
> Alan and Hal both
> send me email saying to include item 2 without change. This 
> assumes no one
> else jumps into the fray or requests that I remove item 2, in 
> which case
> item 2 remains toast :-)
> 
> --marcs
> 
> ----- Original Message -----
> From: Karp, Alan <alan_karp@hp.com>
> To: <hal@finney.org>; <markm@caplet.com>
> Cc: <e-lang@eros.cis.upenn.edu>; <marcs@skyhunter.com>
> Sent: Thursday, February 08, 2001 6:15 PM
> Subject: RE: [E-Lang] Irreversible delegation, was: draft statement of
> consensus
> 
> 
> > Isn't rights amplification an issue?  Here I've set up a scenario in
> > which one of the conspirators loses any benefit obtained by 
> giving up
> > the power irrevocably.  Hence, Alice "prevents" Bob from doing
> > irrevocable delegation.  I'd also like to turn the story 
> around, so that
> > the conspirator benefits only by giving up the power 
> irrevocably.  That
> > should have the same result as Alice requiring Bob to 
> delegate to Mallet
> > irrevocably.  Unfortunately, I don't see how to do it.
> >
> > Bob has the right to the can; Carol has the right to the can opener.
> > Bob and Carol never heard of each other.  Bob is willing to 
> proxy for
> > Mallet; Carol is willing to proxy for Mallet.  The tuna is 
> safe from all
> > three.  Bob gives Mallet the right to the can.  Mallet can 
> ask Carol to
> > combine her right to the can opener with his newly obtained 
> right to the
> > can.  Now, the three conspirators can make their tuna 
> casserole.  (Side
> > question.  Doesn't the SPKI do not delegate bit prevent 
> this misuse?)
> >
> > Note that Mallet and Carol have no need to invite Bob to 
> the banquet.
> > Bob can't revoke the privilege he gave to Mallet, so he has 
> no recourse.
> > If there is no honor among thieves, then Bob won't give 
> Mallet the right
> > to the can.  Why should Mallet get all the goodies?  (I'm 
> assuming no
> > side payments.  Is that fair?)  Alice's tuna is protected 
> because the
> > only way that Bob can give Mallet what he needs to get the 
> tuna is to do
> > so irrevocably.
> >
> > Is this reasonable?  Can anyone see how to turn the story 
> around so Bob
> > only benefits from irrevocable delegation?
> >
> > _________________________
> > Alan Karp
> > Principal Scientist
> > Decision Technology Department
> > Hewlett-Packard Laboratories MS 1U-2
> > 1501 Page Mill Road
> > Palo Alto, CA 94304
> > (650) 857-3967, fax (650) 857-6278
> > https://ecardfile.com/id/Alan_Karp
> > http://www.hpl.hp.com/personal/Alan_Karp/
> >
> >
> > > -----Original Message-----
> > > From: hal@finney.org [mailto:hal@finney.org]
> > > Sent: Thursday, February 08, 2001 2:37 PM
> > > To: hal@finney.org; markm@caplet.com
> > > Cc: e-lang@eros.cis.upenn.edu; marcs@skyhunter.com
> > > Subject: Re: [E-Lang] Irreversible delegation, was: draft 
> statement of
> > > consensus
> > >
> > >
> > > Mark M. writes, quoting Hal:
> > > > >The question is one of irrevocable delegation.  If Bob has
> > > a capability
> > > > >to access [the Power] in certain ways, can he transfer it
> > > to [Mallet] in such a
> > > > >way that he is guaranteed not to be able to interfere with
> > > it in the
> > > > >future.
> > > >
> > > > This is sort-of the question, but you have the parity
> > > flipped.  Everyone
> > > > agrees that, under normal circumstances, a capability
> > > system enables Bob to
> > > > engage in an irrevocable transfer.  The rest of your
> > > message assumes this is
> > > > good, as it normally is.  The question is: Can Alice
> > > arrange to give Bob the
> > > > power in some special way, so as to prevent Bob for
> > > delegating it to Mallet
> > > > irrevocably?
> > >
> > > I see.  I'm sorry, I had the issue backwards.  It isn't whether
> > > irrevocable delegation is possible, it's whether it can 
> be prevented.
> > >
> > > We accept that delegation can't be prevented (due to 
> proxying); the
> > > question is, can we set things up so that the ONLY way Bob
> > > can delegate
> > > to Mallet is by proxying for him.  ACL systems claim to 
> do so, since
> > > they won't let Mallet access Alice directly, so he must have
> > > Bob's help
> > > for each access.  Capability systems can't do so since Bob
> > > can just hand
> > > Mallet any capability he has.
> > >
> > > I agree that I can't come up with any plausible 
> situations where this
> > > is a useful power.
> > >
> > > Hal
> > > _______________________________________________
> > > e-lang mailing list
> > > e-lang@mail.eros-os.org
> > > http://www.eros-os.org/mailman/listinfo/e-lang
> > >
> >
> 
> _______________________________________________
> e-lang mailing list
> e-lang@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang
>