[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cap exchange race with map/unmap

From: Marcus Brinkmann
Subject: Re: cap exchange race with map/unmap
Date: Wed, 19 Oct 2005 00:07:30 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Tue, 18 Oct 2005 14:27:56 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:

[A broken protocol snipped]

> I believe that the only possible protocol that could be correct is for
> all object servers to return by way of CapServer.

I agree.  This is exactly what I proposed in my talk in Dijon.

The server maps a revocable copy to the cap server.  The cap server
maps another revocable copy to each client.

> In practice, this
> makes locally trusted CapServers impossible, because a general-purpose
> server cannot make assumptions about how the objects it creates will
> later be transferred.

I agree again.  Server and client must agree on the same cap server,
which they both must trust.

Note: Not sure if me agreeing helps anybody.  I am dead tired (I beat
Jonathan's four hours "last nights sleep" by one hour![1]).  But in light
of lots of confusion and back-and-forth, some people may find it
helpful to see some agreement once in a while :)


[1] This is not a contest I want to win.  Don't get any funny ideas. :)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]