[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java programs, etc.

To: rivest@theory.lcs.mit.edu (Ron Rivest)
Subject: Re: Java programs, etc.
From: Carl Ellison <cme@cybercash.com>
Date: Mon, 14 Apr 1997 16:42:22 -0400
Cc: bt0008@entropy.sbc.com, spki@c2.net, blampson@microsoft.com
In-Reply-To: <199704081756.AA27181@swan.lcs.mit.edu>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 01:56 PM 4/8/97 EDT, Ron Rivest wrote:
>
>I guess I wasn't clear again.  My intention in writing
>
>	(* program java <hash-of-java-program>)
>
>was to write a PREDICATE that matched a certain set of byte-strings
>(or S-expressions), just as
>	
>	(* range date 1997-01-01_00:00:00 1998-01-01_00:00:00)
>
>matching a certain set of byte strings. 
>
>I did NOT propose that the java program be one that takes intersections
>of various forms.  Indeed, I think THAT is INSECURE!

Ron,

	Matt is going to write up his version of this, but my view is that a (* 
program ...) tag set represents a set of tags (as does any other * form).  
You can do that by having a program generate a full set of tags -- maybe as 
a (* set ...) -- or you can make the program a little more intelligent.  It 
could take as a parameter one explicit (tag ) and generate the subset of its 
set of tags which intersect with the explicit tag.  It might also take a set 
of 5-tuples and generate a different set of tags depending on the input 
5-tuples.  Such a program is, in fact, what PolicyMaker does and is 
equivalent to taking intersections (or worse).  If you think this is 
insecure, then that's a topic for discussion -- especially with MAB -- but I 
don't see how to distinguish (* program ) from something that takes 
intersections.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM1KWqlQXJENzYr45AQFMFQQAjmFR0ZNsesxPKu7p12PU+Ahv4asHND1Y
/I9aif4z6GIh6QgjbZhK85hTKEhVFYzPz+trP0dxp+r9wmZv1yzDKeDnUngFylKu
r//6U9Rz6nrEwJ35gobLHcBLFmhY3R5SLlY0AGRQf9kcFnv7BiZVfylzyg4nu06R
3gY0UEnb8IY=
=GTKL
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

Java programs, etc.

From: rivest@theory.lcs.mit.edu (Ron Rivest)

Prev by Date: Re: Tag-ID caveat
Next by Date: certificate translation
Prev by thread: Re: Java programs, etc.
Next by thread: Java programs, etc.
Index(es):
- Main
- Thread