[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Ben Laurie ben@algroup.co.uk
Sat, 20 Jan 2001 11:19:37 +0000

Marc Stiegler wrote:
> The reason the world is moving so ferociously towards cross checking the
> credit cards is that the credit card data is so ludicrously forgeable.
> Forgeability is as profoundly non-capability-like as you can get. Indeed, it
> is the antithesis of capabilities. It is why both the concepts of
> capabilities and ACLs were invented, as an alternative to this situation.
> It strikes me as inconceivable that such cross checking would be a growth
> industry if indeed the credit cards really were capabilities. Especially if
> they were capabilities run on capability secure platforms, in which case the
> unforgeability of the capability would be superior to any other form of
> authentication ever developed by human society.

It is unclear to me that this is a sustainable view: I can forge (i.e.
copy) the capabilities, even in a capability secure platform, if I have
access to the platform, surely? Furthermore, in a distributed capability
system, capabilities are inherently forgeable, aren't they, by
virtue of the fact that I can transmit them from A to B. Clearly we try
to reduce that by using stuff like crypto between A and B, but A has to
assume it can rely on B in order to make the capabilities unforgeable.
This assumption may not be correct.

That is not to say that these kinds of system aren't superior to
existing ones, but we need to recognise the limitations.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff