Lists Home |
Date Index |
John Cowan wrote:
> Gavin Thomas Nicol scripsit:
> > > Security through obscurity is the worst kind of security there is.
> > I'm not talking about security via obscurity.... but rather not having
> > *any* path to a resource unless explictly granted it. One is roughly
> > akin to ACL's, the other, capabilities.
> It depends on how deep the obscurity is. If you have to guess a
> 64-bit truly random number to get access to the resource, it
> is effectively secure, which is why a very reasonable implementation
> of capabilities is to add such a number to an address. The
> capability can then be passed around without central coordination,
> but outsiders aren't going to get any access in practice,
> since brute-forcing 64 bits is not practical.
Agree. I see no functional difference between string-based capabilities
and crypto key URIs except for the dereferencing strategy. I am not an
expert on capability-based security so I'll watch for a correction...