Re: spacebank protocol question
Bill Frantz (frantz@netcom.com)
Wed, 7 Jan 1998 19:32:20 -0800

At 11:20 AM -0800 1/7/98, Jonathan S. Shapiro wrote:
>The spacebank currently has a means to allocate and deallocate
>storage, and to sever a capability.
>
>The sever operation can be used to determine if a key is owned by a
>given bank, but only destructively.
>
>I am contemplating adding order codes of the form
>
> Identify1Key
> Identify2Key
> Identify3Key
>
>These orders will confirm (yes/no) whether the key passed is a key
>that the spacebank could legally accept for purposes of rescind
>(i.e. the rules are the same), but do not actually *perform* the
>rescind.
>
>Does anyone see a reason *not* to do this, given that the
>functionality is already more or less exposed? I don't see a new
>covert channel here, but it is conceivable that I am missing
>something.

The KeyKOS design philosophy was, if you could get the information, albeit destructively, and getting it was useful, then there should be an easy way of getting it. That philosophy says, "Go for it."


Bill Frantz       | One party wants to control | Periwinkle -- Consulting
(408)356-8506     | what you do in the bedroom,| 16345 Englewood Ave.
frantz@netcom.com | the other in the boardroom.| Los Gatos, CA 95032, USA