[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Ben Laurie ben@algroup.co.uk
Sat, 20 Jan 2001 15:53:57 +0000


Tyler Close wrote:
> 
> Ben Laurie wrote:
> > It is unclear to me that this is a sustainable view: I can forge
> > (i.e. copy) the capabilities, even in a capability secure platform,
> > if I have access to the platform, surely? Furthermore, in a
> > distributed capability system, then capabilities are inherently
> > forgeable, aren't they, by virtue of the fact that I can transmit
> > them from A to B.
> 
> The verb "forge" should be reserved for unauthorized copying.
> Authorized copying is just plain copying. Capabilities are (and must
> be) easily copied; however, they are impossible to forge. A credit
> card is easily copied and possible to forge.
> 
> Both of the scenarios you describe are authorized copying and not
> forgery. When I voluntarily pass a capability to someone else, I am
> sharing that capability with them. The receiving party is authorized
> to copy that capability.
> 
> > Clearly we try to reduce that by using stuff like crypto between
> > A and B,
> 
> The crypto is there only to ensure that the intent of a given copy
> operation is precisely implemented and that it does not result in
> unintended copies. The crypto is not there to in any way restrict the
> copying abilities of either A or B.

You misunderstand me. I agree that if B makes copies of capabilities,
that is not forgery. My point was that someone who has stolen B's keys
is _also_ in a position to make copies, and it is that that I am
referring to as forgery.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff