How does ocap help? Wouldn't the attacker just exfiltrate the ... • Aaron Parecki

86°F

Christopher Lemmer Webber https://octodon.social/@cwebber • Dec 4
Typosquatted Python libraries exfiltrating PGP and SSH keys https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
Same stuff as the event-stream incident, effectively. This is only going to get worse; object capability security is no longer an optional thing; we need it to survive as a society.

How does ocap help? Wouldn't the attacker just exfiltrate the ocap token?

Seems like a better idea would be to use a hardware security model to contain the private keys, only letting the machine use them but not copy them out.

Portland, Oregon • 42°F

Wed, Dec 4, 2019 9:10am -08:00

1 reply
Have you written a response to this? Let me know the URL:
- Christopher Lemmer Webber octodon.social/@cwebber
  
  @aaronpk I'm discussing Ocap-level module safety. SES in Javascript is doing this to a large degree (Jessie moreso). Not talking about tokens here but references. The idea is that reference passing *is* language-level ocaps; normal argument passing to functions is ocap security, see: http://mumble.net/~jar/pubs/secureos/secureos.html
  Extending that to the module layer, a module only gets the authority you pass into it.
  
  Wed, Dec 4, 2019 5:12pm +00:00

Posted in /replies using monocle.p3k.io