[Cryptography] What do we mean by Secure?

Bill Frantz frantz at pwpconsult.com
Tue Feb 10 02:39:50 EST 2015


On 2/10/15 at 8:59 PM, ben at links.org (Ben Laurie) wrote:
>On 9 February 2015 at 16:23, Phillip Hallam-Baker <phill at hallambaker.com>
>wrote:
>
>>Of course, I don't know of any system that would make such a policy viable.

>As Bill points out, this is exactly the point of capability systems (he
>didn't say it, but it is what he meant). A long time ago we had a choice
>between ACLs and capabilities, and we chose the wrong thing.

OK, Ben has outed me. I confess. I've been working on capability 
systems since the early 1970s. The capability model is the only 
way I can understand how authority moves from actor to actor in 
a system. When I hear about other models, I think, "That complex 
mess. How can it possibly work?"

A brief bio for people who don't know me. I was one of the 
original Gnosis/KeyKOS developers 
<http://www.cis.upenn.edu/~KeyKOS/>. If you want the design 
document, see 
<http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/keywelcome.html>. 
I worked on the E language system <http://www.erights.org/> 
where I developed the cryptographic communication protocol used 
between E objects 
<http://www.erights.org/elib/distrib/vattp/index.html>. I have 
also worked, as an application-level programmer, on EROS/CapROS 
<http://www.capros.org/>, a clean-room version of Gnosis/KeyKOS 
available under GPL.

Capability systems are very good at least authority. Least 
authority is the best way I know to approach the ideal of a 
secure system.

<TINFOIL HAT>

I recently heard a tale about how the NSA suppressed research 
into capability systems in the 1980s by ensuring that no one who 
knew anything about them could get government funding. Two facts 
give this story credibility. (1) The people who had been working 
with capability systems in universities moved to other projects 
(because they and their grad students couldn't get funded). (2) 
The only papers published about capability systems in this era 
were written by people who didn't know anything about capability systems.

</TINFOIL HAT OFF>

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Privacy is dead, get over    | Periwinkle
(408)356-8506      | it.                          | 16345 Englewood Ave
www.pwpconsult.com |              - Scott McNealy | Los Gatos, CA 95032


