From: Rogelio M. S. Jr. <ro...@ev...> - 2000-03-01 02:35:42
|
>If capabilities are to reside in - unprotected - user space we'll need >to use encryption, but AFAIK revocation isn't easier with encrypted >capabilities than with clists in kernel space (IMHO it would be easier >with the kernel controlled clists). > >/Kasper We can just replace the random number in the protected object can't we? Encryption is also reliable. I'm afraid I don't see how in-kernel clists would be easier to manage than otherwise. |