[E-Lang] Hash Chaining & Capabilities, Proposal #2d: Deputizing Remote Vats

Ben Laurie ben@algroup.co.uk
Tue, 02 Jan 2001 17:10:43 +0000

"Karp, Alan" wrote:
> A bearer certificate has two properties.  Anyone holding it can use it, and
> the system has no way of tracking who might be holding it.  E-espeak Beta
> 2.2 keys had the first property, but not the second; e-speak Beta 3.0 SPKI
> capabilities have the second property but not the first.
> By the way, I don't think the issue of unforgeable certificates is tracking
> who has the certificate;

That's not what I'm saying - I'm saying you have to either track them or
make them unforgeable.

> it's one of keeping the certificate safe.  One way
> is crypto, but another is keeping the certificate in the TCB of the resource
> it controls and only giving out a handle to it.

Then the handle has to either be unforgeable, or trackable, surely?




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff