
Re: KeyNote draft available



At 11:07 PM -0800 3/13/98, Matt Blaze wrote:
>Yes, that's correct.  But a credential that doesn't want to allow
>delegation can test that the value of $action_signers is the same
>as the key being authorized.  (This is admittedly a bit subtle, but
>seems cleaner than including an explicit mechanism for this.  If
>people insist, we could also include some kind of $cert_depth
>magic variable that gives the "distance" from the action_signers.
>But I'd have to think about the implications of doing this).

As the discussion starts to push one of my hot buttons: Note that since you
can not prevent "informal" delegation by technical means, it is better to
design the technology to provide an audit trail of the actual delegations,
so you can control delegation by social means.

Thanks Carl for jumping in.  I will briefly note that in order to prevent
delegation, you need confinement.  It is hard to imagine how to do
confinement in an open, distributed system like the Internet, where anyone
can hack their machine to do anything they want with what that machine has.
I think Mark Miller has good discussion of these issues at:
http://crit.org/http://www.caplet.com/security/taxonomy/

(If you have trouble going through the crit moderator, try):
http://www.caplet.com/security/taxonomy

See also:
http://www.communities.com/company/papers/security/index.html


-------------------------------------------------------------------------
Bill Frantz       | If hate must be my prison  | Periwinkle -- Consulting
(408)356-8506     | lock, then love must be    | 16345 Englewood Ave.
frantz@netcom.com | the key.     - Phil Ochs   | Los Gatos, CA 95032, USA
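A toy model of the check Matt Blaze describes in the quoted text, added here as an illustration; it is not part of the original thread and does not use KeyNote's real evaluator or assertion syntax. The assertion structure, the `no_delegation` helper and the key names are assumptions made for the example.

```python
# Toy compliance checker (assumed model, not KeyNote's own): an assertion lets an
# authorizer grant authority to a licensee, subject to a condition evaluated
# against the action environment. Delegation happens by chaining assertions.
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

@dataclass(frozen=True)
class Assertion:
    authorizer: str                       # key that issued this credential
    licensee: str                         # key being granted authority
    condition: Callable[[dict], bool]     # checked against the action environment

def allow_any(env: dict) -> bool:
    """Unconditional grant: the licensee may also delegate onward."""
    return True

def no_delegation(licensee: str) -> Callable[[dict], bool]:
    """The check from the quoted text: honour the action only when the set of
    keys that signed the request is exactly the key this credential authorizes,
    so requests arriving via a further (formal) delegation are refused."""
    return lambda env: env["action_signers"] == frozenset({licensee})

def authorized(root: str, chain: Iterable[Assertion],
               action_signers: Iterable[str], env: Dict[str, object] = None) -> bool:
    """True if some chain of satisfied assertions from the policy root reaches
    one of the keys that signed the action request."""
    env = dict(env or {}, action_signers=frozenset(action_signers))
    trusted = {root}
    grew = True
    while grew:                            # fixed-point over the assertion set
        grew = False
        for a in chain:
            if a.authorizer in trusted and a.licensee not in trusted and a.condition(env):
                trusted.add(a.licensee)
                grew = True
    return bool(trusted & set(action_signers))

# Constructed scenario: POLICY grants alice without delegation rights; alice
# nevertheless issues an assertion for bob.
STRICT_CHAIN: List[Assertion] = [
    Assertion("POLICY", "alice", no_delegation("alice")),
    Assertion("alice", "bob", allow_any),
]
# Same shape, but POLICY's grant to alice carries no such restriction.
OPEN_CHAIN: List[Assertion] = [
    Assertion("POLICY", "alice", allow_any),
    Assertion("alice", "bob", allow_any),
]
# Note the limit Bill Frantz raises: if alice simply hands her private key to
# bob ("informal" delegation), bob's request is signed by alice's key and the
# evaluator cannot tell the difference; only an audit trail of actual
# delegations helps there.
```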


