[E-Lang] Re: Identity et al [was: ALU capability]

Mark S. Miller markm@caplet.com
Mon, 22 Oct 2001 08:38:17 -0700 

At 09:04 AM 10/19/2001 Friday, Dean Tribble wrote:
>(e.g., the eq function could be closely held).

If the eq function (or any other object) is closely held, then by definition 
it is not accessible outside the utcb.  Unless it is necessary to refer to 
it in order to explain the semantics of the utcb's exported interface, then 
for all significant purposes (other than a utcb implementors guide), it 
doesn't exist.  Creating objects that are closely held by the utcb is just a 
trick (a valuable one) for partitioning functionality between layers 
internal to the implementation of the utcb.  These objects should not appear 
in any discussion of semantics.


>In programming languages with encapsulation, you have a private data path through scoping.  Once you have numbers, you can build encryption in the language, and this you can have encrypted links.

Where possible, I prefer to treat crypto like I treat analog electronics.  
Both are not certain, but only work with extremely high probability.  For 
both, I like to place a layer of abstraction on top of them, the digital 
logic gate and capabilities, respectively, and then insist that circuits or 
programs be perfect under the counterfactual assumption that these 
primitives are implemented perfectly.  Intra-vat capabilities only rest of 
the analog illusion, not on the crypto one.

So I like to avoid stories that use crypto above the water line to 
substitute for what should have been pseudo-perfectly implemented, even if 
implemented on crypto that's no more perfect.


>>I'm also bothered that state and timing are involved in extracting
>>information.  If the object and/or verifier are slow to respond, and I
>>get bored waiting for an answer, then that's not a negative answer,
>>it's an I-don't-know.
>
>In a sequential language, there is no issue of timing.  That is introduced by concurrency; it is the introduction of concurrency that must addresses the timing issues.

I don't understand this.


        Cheers,
        --MarkM