[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Just a few questions
|
From: |
Jonathan S. Shapiro |
|
Subject: |
Re: Just a few questions |
|
Date: |
Sun, 23 Oct 2005 13:41:48 -0400 |
On Sun, 2005-10-23 at 15:33 +0530, BVK Chaitanya wrote:
> If a process gets mouse pointer capability (say MPC), it shouldnt trust
> MPC unless it passes 'capability authentication' phase. Capability
> authentication guarantees that MPC you have is *really* *only* an MPC.
In practice, this is unlikely. The case where you use "identify" is when
the capability has arrived by way of an untrusted sender. An application
that uses the mouse is likely to assume that the display (and the
associated capabilities) is being provided as part of a standard,
trusted environment.
The cases where you tend to use "authenticate" are
(a) you are a server, you serve multiple clients,
they do not trust each other, and they may be
trying to hurt each other through you.
(b) you are a program that must keep secrets from
your client (for example: private keys) even
when this is your only client.
Both cases are rare.
shap