Re: KeyNote draft available

Carl Ellison, <cme@cybercash.com>, writes:
> Allowing indefinite delegation is just a way to encourage people not to loan 
> out their private keys.  If we were running pure capability systems, this 
> would be second nature.  Bill does, which is why it's his point.  We shouted 
> him down in the SPKI drafts, but he really wanted delegation to be automatic.
> 	The argument for it is that an end user, trusted or not (and there's that 
> nasty word again :), will find a way to let someone else use his power...so
> you might as well cooperate with the inevitable.

I know this was debated at length in the early design of SPKI.  Personally
I agree that allowing delegation makes sense.  It's not just a matter
of loaning private keys.  I may be authorized to make certain kinds of
requests, and I have an internal policy of trusting a second party to
make those requests.  So whenever they ask, I will ask.  It is simpler to
let me express this policy publicly, so that their requests are honored
as though I made them.  If this is not allowed then we simply accomplish
the same thing less efficiently, by having me forward the requests they
made, under my name.

In any case it appears that Matt has described a clever way to control
delegation in KeyNote at the boolean level, similar to SPKI.