Const (Insecure Sensory) Keys and KeyKOS
William S. Frantz
frantz@netcom.com
Tue, 10 Jan 1995 10:50:22 -0800 (PST)
> As usual, the KeyKOS kernel already allows for this. Since a "const" key
> implies no security principles, the kernel need (and does) have no
> awareness of it.
>
> If const is transitive, then the kernel probably needs to know the
> convention for downgrading a key. I believe that Bryan's intent was for
> const to be transitive.

I have two problems with this concept. (1) I am not sure exactly what
Const means, at least in the complex cases. The example given (but I
haven't bothered to repeat it) from C++ seems to be just the tip of the
iceberg. For example, it might be useful to consider the encoding/
decoding transformation to result in a Const "change". Some of the
problems in file copy routines about when you keep the source file's
date in the output file, and when you insert the current data also
apply.

The other problem is more directly related to KeyKOS (and its relatives).
If there is an architected "Const" convention that the kernel recognizes,
presumably when you fetch a key from a node using a node key with the
Const attribute, the fetched key will have the Const attribute. (I assume
this is what is meant by transitive.) What happens when the key is
inherently non-Const? A KeyKOS resume key would seem on the surface
to be non-const.
-----------------------------------------------------------------
Bill Frantz Periwinkle -- Computer Consulting
(408)356-8506 16345 Englewood Ave.
frantz@netcom.com Los Gatos, CA 95032, USA