Process key question
Sun, 5 Apr 1998 15:21:02 -0700 (PDT)
Here is a question I ran into as I was working my way through a minor
revision of the Keyset code:
At least in Eros, there is no way, given a Domain key and a start key to
that domain, to tell that the start key is actually to that domain
1) Using the domain key to create a start key with the same keydata field
and comparing the keys with discrim. (This could take 65536 trys)
2) Using the Domain Creator of the Domain to get a Domain key from the
Start key, and using discrim to compare that key to the original Domain key.
Well, on second thought #2 doesn't look as bad as I had originally thought.
Anyway, my question was why don't Domain keys have an "identify gate key"
operation which, given a start/resume/fault key to the Domain, returns the
KeyData/Resume/Fault nature of the key. I cannot think of any obvious
security problems, and it seems like a useful order for Domain keys to
have -- requiring discrim to tell if a key is a key to you seems a little
Is there something I'm missing?
- Jonathan Adams