Just as a reminder:
Situation: S -> C -> (1 reference) A -> B
Goal:            /-> (1 reference) A
           S -> C -> (1 reference) B
In the start situation, A is trusted by B to provide the endpoint to S, since A could unmap this endpoint every time.
Therefore B can ask A for a new reference. Since A cannot provide this service, it asks C and attaches a [1] return endpoint to B in its message.
C answers directly to B and maps them a new reference.
This protocol requires that the receiver of the capability, in this case B, makes a blocking call to the sender, in this case A. But in many cases B does not trust A enough to block indefinitely until A does the right thing.
To get into the start situation, B has to receive a mapping from A. If this mapping was done as a result of an RPC (because B requested the mapping), B blocked on A.
If A sends this capability within a request to B, it could easily ask C to send this request.
For example, in the case where a client wants to submit a capability reference to a server (let's say a name server).
Assume B is a nameserver and A wants to "upload" a capability reference. Then A calls C, which sends a new reference to B.
Bernhard
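
The hand-over described in this message, modelled as a small Python simulation that is added here and is not part of the original post. The Mapping class, its recursive unmap, and the message dictionaries are assumptions made for illustration, not a real kernel API.

```python
class Mapping:
    """One task's reference to the endpoint of S, as a node in a mapping tree."""
    def __init__(self, holder, parent=None):
        self.holder, self.parent, self.children, self.valid = holder, parent, [], True

    def map_to(self, receiver):
        """Derive a child mapping for receiver; the mapper can revoke it later."""
        if not self.valid:
            raise PermissionError(f"{self.holder} holds no valid reference")
        child = Mapping(receiver, parent=self)
        self.children.append(child)
        return child

    def unmap(self):
        """Revoke every mapping derived from this one, recursively."""
        for child in self.children:
            child.unmap()
            child.valid = False
        self.children.clear()

    def depends_on(self):
        """Holders whose unmap would have revoked this mapping."""
        chain, node = [], self.parent
        while node:
            chain.append(node.holder)
            node = node.parent
        return chain

def start_situation():
    """S -> C -> A -> B: B's reference is derived from A's."""
    c = Mapping("C")
    a = c.map_to("A")
    return c, a, a.map_to("B")

def c_serve(c, request):
    """C's side: map a fresh reference straight to the return endpoint."""
    return c.map_to(request["return_endpoint"])

def a_forward(c, request_from_b):
    """A's side: A cannot serve B itself, so it asks C and names B as return endpoint."""
    return c_serve(c, {"op": "new_reference",
                       "return_endpoint": request_from_b["sender"]})

def demo():
    c, a, b_old = start_situation()
    b_new = a_forward(c, {"op": "new_reference", "sender": "B"})
    a.unmap()  # A revokes everything it mapped
    return b_old.depends_on(), b_old.valid, b_new.depends_on(), b_new.valid
```

After the exchange, B's new reference hangs directly off C, so A's unmap invalidates only the old mapping.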