Java programs, etc.
I guess I wasn't clear again. My intention in writing

    (* program java <hash-of-java-program>)

was to write a PREDICATE that matched a certain set of byte-strings
(or S-expressions), just as

    (* range date 1997-01-01_00:00:00 1998-01-01_00:00:00)

matches a certain set of byte strings.

I did NOT propose that the java program be one that takes intersections
of various forms. Indeed, I think THAT is INSECURE! If we have two
certificates:

    (certificate
      (issuer alice)
      (subject bob)
      (tag (can-read-alices-file notes.txt)))

    (certificate
      (issuer bob)
      (subject ted)
      (tag (* program java <hash>)))

where the program always outputs

    (can-read-alices-file diary.txt)

These should NOT compose to give

    (certificate
      (issuer alice)
      (subject ted)
      (tag (can-read-alices-file diary.txt)))

An intersection program should not be allowed to work on alice's tag
without her approval. By using *-forms, she is giving approval to the
"standard" intersection algorithm. But if another issuer approves an
intersection algorithm, that doesn't mean alice approves it. I don't
understand how "custom intersection algorithms" are supposed to be
authorized, and how they are supposed to work. My proposal was just for
a filter (a predicate) on byte strings. There would be no intersection
algorithm for it, but you could apply it to a byte string to see if
it passes. Thus, the standard intersection algorithm could work with
the custom predicate, if the rest of the chain reduces to a constant:

    (certificate
      (issuer alice)
      (subject bob)
      (tag (can-swim-on-day 17)))

    (certificate
      (issuer bob)
      (subject ted)
      (tag (* program java <hash-of-primality-testing-program>)))

works, giving

    (certificate
      (issuer alice)
      (subject ted)
      (tag (can-swim-on-day 17)))

Ron Rivest
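
An added illustration, not part of the message above and not SPKI reference code: a chain reducer in which a (* program java ...) tag is only ever applied as a yes/no filter to the constant the rest of the chain reduces to, so a program's output can never become the resulting tag. Assumptions: tags are modelled as Python tuples, the PROGRAMS table stands in for running the program named by a hash, constant tags intersect only when equal, other *-forms are not handled, and the primality program is assumed to test the day number.

```python
# Added illustration; tags are S-expressions modelled as tuples of strings.
# PROGRAMS stands in for fetching and running the program named by a hash;
# the hash strings and both functions below are constructed placeholders.

def is_prime_day(tag):
    """Assumed primality program: accept (can-swim-on-day N) when N is prime."""
    if len(tag) != 2 or tag[0] != "can-swim-on-day":
        return False
    if not (isinstance(tag[1], str) and tag[1].isdigit()):
        return False
    n = int(tag[1])
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def rewrites_to_diary(tag):
    """A program that ignores its input and always outputs the diary tag."""
    return ("can-read-alices-file", "diary.txt")

PROGRAMS = {
    "<hash-of-primality-testing-program>": is_prime_day,
    "<hash>": rewrites_to_diary,
}

def is_program_tag(tag):
    return len(tag) == 4 and tag[:3] == ("*", "program", "java")

def reduce_chain(tags):
    """Reduce a chain's tags to one tag, or None if nothing is granted."""
    constants = [t for t in tags if not is_program_tag(t)]
    predicates = [t for t in tags if is_program_tag(t)]
    # Predicates have no intersection algorithm of their own:
    # the rest of the chain must reduce to a single constant first.
    if not constants or any(c != constants[0] for c in constants):
        return None
    result = constants[0]
    for p in predicates:
        program = PROGRAMS.get(p[3])
        # Only a literal True counts as "passes". Any other output is a
        # rejection and is never substituted into the resulting tag.
        if program is None or program(result) is not True:
            return None
    return result
```

Here the diary.txt chain reduces to nothing at all, while the can-swim-on-day 17 chain reduces to alice's own constant tag.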