[Cryptography] Capability Myths Demolished was: Do capabilities work? Do ACLs work?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Feb 16 01:22:43 EST 2015


As a general reply to this (I was trying to avoid turning it into a long
thread since it's probably not worth going into lots of detail on), I read the
"Capability Myths Demolished" paper some years ago and compared it to a
(hypothetical) "X.509 Myths Demolished" [0], or from the non-IT world,
"Monorail Myths Demolished", "Communism Myths Demolished", "CDO Myths
Demolished" [1], and so on: if you pick your examples very carefully and
propose theoretical solutions that don't necessarily have to work in practice
(or, even worse, that have been shown not to work when deployed in the real
world) then you can "demolish" all sorts of "myths".

Peter.

[0] I actually read a paper on this theme a few years ago, its premise was
    that if we all used smart cards for everything then X.509 could be made to
    work.  It was actually valid, if we could deploy smart cards everywhere 
    and get people to use them correctly at all times then we could make X.509
    work.  The only thing missing was the squadrons of flying pigs to 
    distribute the cards to users.
[1] Although that particular one hadn't happened at the time.

