[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Translucent storage: design, pros, and cons

From: Tom Bachmann
Subject: Re: Translucent storage: design, pros, and cons
Date: Fri, 12 Jan 2007 20:13:43 +0100
User-agent: Thunderbird (X11/20061231)

Hash: SHA1

Jonathan S. Shapiro schrieb:
> On Fri, 2007-01-12 at 19:58 +0100, Tom Bachmann wrote:
>> Well. I have the binary of a program (or, actually, it's source code,
>> but there exists a compiled version, for convenience). I load it into
>> memory and give it whatever capabilities I think are needed, enforcing
>> whatever properties I want. What can the constructor do that I can't?
> Tom: 
>   1) What about capabilities it holds that you do not?

I create it. All capabilities that it has have been given to it by me.
This is, as I understand it, a core property of the partial design
Marcus described in part two of his notes.

>   2) There is still utility in doing this by means of a commonly used
>      routine.

Yes, and as I have said before, I don't argue that it is to be removed
per se (actually, not at all, for exactly the reason you state), but
that it is not to be considered a "relevant" part of the design, if it's
utility drops to only being commonly used for convenience (which is what
it appears to me to be in the translucent storage / hierarchic trust
relationships design).
- --
- -ness-
Version: GnuPG v1.4.6 (GNU/Linux)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]