[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cap exchange race with map/unmap
From: |
Marcus Brinkmann |
Subject: |
Re: cap exchange race with map/unmap |
Date: |
Tue, 18 Oct 2005 19:15:43 +0200 |
User-agent: |
Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI) |
At Tue, 18 Oct 2005 13:01:04 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:
>
> On Tue, 2005-10-18 at 14:55 +0100, Neal H. Walfield wrote:
> > At Tue, 18 Oct 2005 08:42:55 -0400,
> > Jonathan S. Shapiro wrote:
> > > In order to implement the protocol that you describe, the cap server
> > > requires:
> > >
> > > a) sufficient authority to inspect the content of every capability
> >
> > I am not sure that this much authority is required depending on the
> > design of the server. (See below.)
> >
> > > b) sufficient authority to fabricate any capability (because it
> > > must be able to exchange any capability).
> >
> > I take issue with the any "qualifier" here. The cap server needs to
> > be able to exchange any capability that is *manages*.
>
> Please name a capability that does not require this management?
All capabilities that are "single revocable copy only", ie, which are
mapped, but for which the receiver does not need (nor should) be
allowed to retrieve a copy.
The only operation that the receiver can perform is to pass this
capability to another server as a form of authentication. There were
a number of useful cases in the Hurd for this.
Note that there are a lot of assumptions made behind this, and I
always only considered this to be an optimization, not a paradigm.
So, I think you are quite right with a) and b) for semantical purposes.
Thanks,
Marcus
- Re: Comparing "copy" and "map/unmap", (continued)
- Re: Comparing "copy" and "map/unmap", Jonathan S. Shapiro, 2005/10/15
- Re: Comparing "copy" and "map/unmap", Matthieu Lemerre, 2005/10/17
- Re: Comparing "copy" and "map/unmap", Jonathan S. Shapiro, 2005/10/18
- Local IPC (was Re: Comparing "copy" and "map/unmap"), Espen Skoglund, 2005/10/18
- Re: Local IPC (was Re: Comparing "copy" and "map/unmap"), Jonathan S. Shapiro, 2005/10/18
- Re: Comparing "copy" and "map/unmap", Matthieu Lemerre, 2005/10/21
- cap exchange race with map/unmap, Neal H. Walfield, 2005/10/18
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/18
- Re: cap exchange race with map/unmap, Neal H. Walfield, 2005/10/18
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/18
- Re: cap exchange race with map/unmap,
Marcus Brinkmann <=
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/18
- Re: cap exchange race with map/unmap, Neal H. Walfield, 2005/10/18
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/18
- Re: cap exchange race with map/unmap, Espen Skoglund, 2005/10/18
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/18
- Re: cap exchange race with map/unmap, Neal H. Walfield, 2005/10/19
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/19
- Re: cap exchange race with map/unmap, Neal H. Walfield, 2005/10/19
- Re: cap exchange race with map/unmap, Marcus Brinkmann, 2005/10/18
- Re: cap exchange race with map/unmap, Jonathan S. Shapiro, 2005/10/18