Re: cap exchange race with map/unmap

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cap exchange race with map/unmap

From:	Jonathan S. Shapiro
Subject:	Re: cap exchange race with map/unmap
Date:	Tue, 18 Oct 2005 14:13:02 -0400

On Tue, 2005-10-18 at 19:15 +0200, Marcus Brinkmann wrote:
> > Please name a capability that does not require this management?
> 
> All capabilities that are "single revocable copy only", ie, which are
> mapped, but for which the receiver does not need (nor should) be
> allowed to retrieve a copy.

I agree. And we have previously established that we need to understand
how often this occurs in practice, and I have promised to describe where
this pattern is used in EROS/KeyKOS.

> The only operation that the receiver can perform is to pass this
> capability to another server as a form of authentication.

The question at hand concerns interaction with the cap server, and is
orthogonal to authentication. The general pattern is any place where the
sender transmits a capability that they wish to be able to selectively
revoke later.

I do understand that authentication tokens are an example of where this
operation might be used.

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Comparing "copy" and "map/unmap", (continued)

Prev by Date: Re: problems with hierarchy: L4 pagers
Next by Date: Re: cap exchange race with map/unmap
Previous by thread: Re: cap exchange race with map/unmap
Next by thread: Re: cap exchange race with map/unmap
Index(es):
- Date
- Thread