At 02:27 PM 11/2/99 , Marc Stiegler wrote:
>I have this suspicion this is a trick question. But here is a quicky
>implementation, attached at the bottom.
Well, I at least tricked you into revealing where you were making a bad assumption. An essential/required property of the sealer/unsealer mechanism is that, starting from just a sealed box, or even from a sealed box together with the sealer that sealed it, one must not be able to obtain the contents of the box. Starting from a sealed box and the unsealer that corresponds to the sealer that sealed it, one can obtain the contents of the box. If you can obtain the box's unsealer from the box, then you can obtain the box's contents starting from just the box, and all the security properties disappear.
You may want to reread
http://www.erights.org/elib/capability/ode/ode-capabilities.html#rights-amp , ftp://www.agorics.com/pub1/agorics/postscript/MANUAL.B17.ps.Z , or http://www.mumble.net/jar/pubs/secureos2.html>...
> > def sealedBox {
> > to getSealer : any {sealer}
> > to getUnsealer : any {unsealer}
> > }
Cheers,
--MarkM