[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)

Karp, Alan alan_karp@hp.com
Wed, 24 Jan 2001 12:49:41 -0800


> -----Original Message-----
> From: Jonathan S. Shapiro [mailto:shap@cs.jhu.edu]
> Sent: Tuesday, January 23, 2001 5:56 AM
> To: Ben Laurie
> Cc: Mark S. Miller; David Wagner; e-lang@eros-os.org
> Subject: Re: [E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)
> 
> 
> Ben Laurie wrote:
> > 
> > "Jonathan S. Shapiro" wrote:
> > > Defense in depth also becomes appropriate for "second chance" security.
> > > A major problem with capability systems is: "What do I do *after* I make
> > > a mistake?" In the real world, we often know that the recipient does not
> > > act immediately. It is desirable to be able to undo an erroneous
> > > transmission. This, by the way, is where ACLs come into play.
> > 
> > Isn't this trivially solved with revocable capabilities?
> 
> No it isn't. The problem is that I have some object A. I give cap(A) to
> you intentionally and correctly. I give cap(A) to Fred by accident. If I
> revoke A, then the copies of cap(A) that I gave to you get lost too.
> 
> Unfortunately, the feasible recovery strategies introduce some very
> serious security issues.
> 
> There really is a valid argument for some form of ACL here.

I disagree that ACLs are needed for selective revocation.  One way is to
have a system that gives you the ability to clone a capability.  Then you
can selectively revoke a single clone and leave the others alone.  That's
what we had with e-speak Beta 2.2.  With the current release of e-speak, you
create a delegated certificate which can be revoked modulo CRL propagation.

> 
> Jonathan

_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-2
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
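
The clone-then-revoke approach described in the reply above, as an added Python sketch that is not part of the original message and is not e-speak's code. The `Capability` class, its method names and the sample `ObjectA` are hypothetical, and Python only hides `_target` by convention, whereas a real capability system enforces it.

```python
class RevokedError(Exception):
    """Raised when a revoked capability is invoked."""


class Capability:
    """Revocable forwarder in front of a target (hypothetical, illustrative)."""

    def __init__(self, target, parent=None, label="owner"):
        self._target = target
        self._parent = parent    # the capability this one was cloned from
        self._revoked = False
        self.label = label

    def clone(self, label):
        """New capability to the same target, revocable independently."""
        return Capability(self._target, parent=self, label=label)

    def revoke(self):
        """Kill this clone and anything cloned from it; siblings survive."""
        self._revoked = True

    def invoke(self, method, *args):
        cap = self
        while cap is not None:   # walk up the delegation chain
            if cap._revoked:
                raise RevokedError(f"capability {self.label!r} is revoked")
            cap = cap._parent
        return getattr(self._target, method)(*args)


class ObjectA:                   # constructed stand-in for "object A"
    def read(self):
        return "contents of A"


def demo():
    owner = Capability(ObjectA())
    yours = owner.clone("you")              # intended grant
    freds = owner.clone("fred")             # accidental grant
    onward = freds.clone("fred->other")     # Fred delegated before we noticed
    freds.revoke()                          # undo only the mistake
    outcome = {}
    for cap in (owner, yours, freds, onward):
        try:
            outcome[cap.label] = cap.invoke("read")
        except RevokedError:
            outcome[cap.label] = "revoked"
    return outcome
```

Selective revocation works here only because each recipient was handed its own clone; if the same capability object had gone to both, revoking it would cut off both, which is the case described in the quoted message.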