At 01:34 PM 12/18/98 -0500, shapj@us.ibm.com wrote:
>I am considering a seemingly simple security question, and I am not
>confident about my outcome. Please note that this question is not meant to
>be specific to E -- distribution and proxy issues might well impact the
>outcome, and I do not want to consider that at the moment.
>
>Given two capabilities A and B, I can see no negative security implications
>to permitting an application to perform the 'eq' test (are these
>capabilities identical?)
[#] The KeyKOS answer is yes. The "EQ" key was generally available.
>Consider now two capabilities naming the same object with distinct
>interfaces (e.g. a client capability and an administrator capability for
>the same object). Are there negative security implications to being able
>to ask the object-EQ question (i.e. do these two capabilities name the same
>object, irrespective of what authority they convey)?
[#] The KeyKOS answer is no. Separate authorities are represented by different keys. If indeed the two keys are to the same underlying implementation, the EQ operation will still show them as "not equal". In KeyKOS, the data byte of the key was most often used to represent different authorities to the same domain.