l4-hurd

Re: Design principles and ethics (was Re: Execute without read (was [...


From: Jonathan S. Shapiro
Subject: Re: Design principles and ethics (was Re: Execute without read (was [...]))
Date: Sun, 30 Apr 2006 10:03:30 -0400

On Sun, 2006-04-30 at 10:41 +0200, Tom Bachmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jonathan S. Shapiro wrote:
> > It is also not confinement if the parent can read the child without the
> > consent of the child. Therefore it is not confinement at all.
> > 
> 
> I have two problems with this statement. a) Every process has been
> instantiated by /someone/, so every process has a parent. b) I agree
> with you that this is not confinement, but the parent *may* confine the
> child by dropping all references to it.

Yes, the parent can do that. No, it is NOT confinement. Confinement is
when we know that the parent MUST drop all references, by virtue of
being trusted.

> a) With the kind of confinement you propose, the parent is a
> constructor (iiuc). The confinement works because the constructor is
> trusted. So if the user can trust *one* program running, she can use
> this program to instantiate confined subsystems for her.

Yes. However, Marcus proposes in effect that *every* parent should be
able to read the state of its children. If a trusted program like the
one that you describe is introduced, it becomes possible to use it for
DRM.


shap
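The distinction Shapiro draws above (a parent that merely *may* drop its references versus a trusted constructor that never hands the requestor a read capability in the first place) as a toy capability model. This is an added illustration, not code from the l4-hurd thread, from Coyotos or from EROS; the names `World`, `Process`, `Cap`, `Constructor` and the "a safe capability is read-only and names no process" rule are assumptions made for the example.

```python
"""Toy capability model of the confinement distinction made in the thread.

Added illustration only: not code from the l4-hurd discussion, Coyotos,
or EROS. All names (World, Process, Cap, Constructor) are hypothetical
and the "safe capability" rule is a deliberate simplification.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set


@dataclass(frozen=True)
class Cap:
    """A capability: the object it names plus the rights it carries."""
    target: str
    rights: FrozenSet[str]


@dataclass
class Process:
    name: str
    state: Dict[str, str] = field(default_factory=dict)
    caps: Set[Cap] = field(default_factory=set)

    def holds(self, target: str, right: str) -> bool:
        return any(c.target == target and right in c.rights for c in self.caps)

    def drop(self, target: str) -> None:
        """Voluntarily discard every capability naming `target`."""
        self.caps = {c for c in self.caps if c.target != target}


class World:
    """Registry of processes, so reads can be checked against held rights."""

    def __init__(self) -> None:
        self.procs: Dict[str, Process] = {}

    def add(self, p: Process) -> Process:
        self.procs[p.name] = p
        return p

    def read_state(self, reader: str, target: str) -> Dict[str, str]:
        if not self.procs[reader].holds(target, "read"):
            raise PermissionError(f"{reader} holds no read capability to {target}")
        return dict(self.procs[target].state)

    def readers_of(self, target: str) -> Set[str]:
        return {p.name for p in self.procs.values() if p.holds(target, "read")}


def plain_spawn(world: World, parent: Process, name: str, secret: str) -> Process:
    """Model 1: the parent creates the child and keeps read/write to its
    state. It *may* drop that capability later; nothing obliges it to."""
    child = world.add(Process(name, {"secret": secret}))
    parent.caps.add(Cap(name, frozenset({"read", "write"})))
    return child


# Simplifying assumption: read-only caps to non-process objects cannot leak.
SAFE_RIGHTS = frozenset({"read"})


class Constructor:
    """Model 2: a trusted constructor holding a program image and a fixed set
    of initial capabilities. The requestor contributes only its own caps and
    gets back an invoke handle, never a read capability to the child."""

    def __init__(self, world: World, image: str, initial_caps: Set[Cap]) -> None:
        self.world, self.image, self.initial_caps = world, image, set(initial_caps)

    def is_confined(self) -> bool:
        """Every cap the constructor injects must be safe. Caps the requestor
        passes in are its own authority, so they are not a leak from its view."""
        return all(c.rights <= SAFE_RIGHTS and c.target not in self.world.procs
                   for c in self.initial_caps)

    def request(self, requestor: Process, name: str, requestor_caps: Set[Cap]) -> Cap:
        if not self.is_confined():
            raise ValueError("constructor would leak authority into the child")
        child = self.world.add(Process(name, {"program": self.image}))
        child.caps = self.initial_caps | set(requestor_caps)
        handle = Cap(name, frozenset({"invoke"}))  # no "read" right
        requestor.caps.add(handle)
        return handle


def demo() -> Dict[str, object]:
    """Constructed scenario contrasting the two models."""
    w = World()
    parent = w.add(Process("parent"))
    plain_spawn(w, parent, "child1", "s3cr3t")
    readers_before = w.readers_of("child1")
    leaked = w.read_state("parent", "child1")["secret"]
    parent.drop("child1")  # voluntary, not enforced by anything
    readers_after = w.readers_of("child1")

    user = w.add(Process("user"))
    good = Constructor(w, "sandbox-image", {Cap("libc.so", frozenset({"read"}))})
    good.request(user, "child2", {Cap("user-doc", frozenset({"read", "write"}))})
    leaky = Constructor(w, "sandbox-image", {Cap("network", frozenset({"read", "write"}))})
    return {
        "plain_readers_before_drop": readers_before,
        "plain_secret_read_by_parent": leaked,
        "plain_readers_after_drop": readers_after,
        "ctor_user_can_read_child": user.holds("child2", "read"),
        "ctor_readers": w.readers_of("child2"),
        "leaky_ctor_is_confined": leaky.is_confined(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the first model the child ends up unreadable only because `parent.drop()` was called; a parent that skips that call keeps the secret, which is why the thread insists this is not confinement. In the second model the requestor never holds a read capability, and the constructor refuses to build a child at all when its own initial capabilities could carry authority out (the `network` read/write cap), so confinement holds by construction rather than by the parent's good behaviour.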




