[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: Camillo Särs <Camillo.Sars@DataFellows.com>*Subject*: Re: Trust and Transitivity*From*: "E. Gerck" <egerck@laser.cps.softex.br>*Date*: Fri, 23 May 1997 09:58:01 -0300 (EST)*Cc*: Tony Bartoletti <azb@llnl.gov>, spki@c2.net*In-Reply-To*: <Pine.SGI.3.96.970523103233.9694J-100000@tinasolttu.cs.hut.fi>*Reply-To*: "E. Gerck" <egerck@laser.cps.softex.br>*Sender*: owner-spki@c2.net

On Fri, 23 May 1997, [ISO-8859-1] Camillo Särs wrote: -> -----BEGIN PGP SIGNED MESSAGE----- -> -> On Thu, 22 May 1997, E. Gerck wrote: -> -> > 1. Skywalker signs Alice's key with tag X, so Skywalker trusts Alice in -> > matters of X, -> > -> > 2. Skywalker meets Bob and Bob decides that he trusts Skywalker in matters -> > of X. -> > -> > The question is: "Can you say that Bob trusts Alice in matters of X, based -> > on the two assertions before?" -> > -> > The answer is "No". Let's see why. -> -> This is certainly correct, but I don't think it really is relevant. Camillo: Yes, it is relevant and it provides further logical consequences, which allow us to prove that "trust on matters of X" does NOT imply "trust on assigning trust on matters of X", which would be "transitive trust". Let's proceed with further logical consequences from 1 and 2: 3. Because Bob decided that he trusts Skywalker's in matters of X, this means that Bob can sign Skywalker's certificate on matters of X. (Easy) 4. Yet, Bob did NOT decide whether he trusts Skywalker's avaliation of other people on matters of X and so Bob does NOT sign Alice's certificate in matters of X. (for example, Skywalker could be an excellent boxeur and be trusted on matters of the excellency of his fights but that does not mean he can be trusted to evaluate other boxeurs to be excellent in their fights -- e.g., as a coach) Here, it is important to note that (4) is true in two cases: (i) Bob did NOT decide whether he trusts Skywalker's avaliation or, (ii) Bob decided that he does NOT trust Skywalker's avaliation. An absence of judgement means lack of base for decision. The only case where Bob could sign Alice's certificate based on 1 to 2 above is if you introduce a fifth condition: 5. Bob decides that he trusts Skywalker on matters of Y, where Y is Skywalker's *certainty* that he can correctly decide whether *anyone* can be trusted in matters of X or not. If you take out **one** of the words: certainty or anyone, then 5 also does NOT allow 1 and 2 to logically support Bob's decision to sign Alice's certificate on matters of X. (note that *anyone* is necessary because Bob does NOT know Alice) In summary, Bob's decision to trust Skywalker on matters of X does NOT imply that he trusts Skywalker on matters of Y. Because Y would be the "transitive trust" property, this means that "transitive trust" is negated. -> snip, already commented above> Yours, Ed Gerck ______________________________________________________________________ Dr.rer.nat. E. Gerck egerck@laser.cps.softex.br http://novaware.cps.softex.br P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil - Fax: +55-19-2429533

**Re: Trust and Transitivity***From*: Camillo Särs <Camillo.Sars@DataFellows.com>

**Re: Trust and Transitivity***From*: Camillo Särs <Camillo.Sars@DataFellows.com>

- Prev by Date:
**Re: Trust and Transitivity** - Next by Date:
**Re: definition of cert - trust in SPKI certs** - Prev by thread:
**Re: Trust and Transitivity** - Next by thread:
**Re: Trust and Transitivity** - Index(es):