Key/Object equivalence?
Jonathan Shapiro
shap@viper.cis.upenn.edu
Fri, 16 Dec 94 14:38:46 -0500
Scanning through one of the KeyKOS papers again, I noticed
the "Keybits" object, which presumably is used to implement KIDs.
Are keys to this object generally available to most everything
in a KeyKOS system, or are they privileged? In other words,
is having read-only access to the actual bits comprising a key
considered a security threat in some situations?
My recollection is that KeyBits and Discrim are fairly closely held by
trusted services. Discrim only answers same/different. KeyBits lets
you discover a fair bit about what the key really points to, which
probably poses some security issues. Bill and Charlie can speak to
what issues better than I.
Jonathan