[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trust and Transitivity

To: Camillo Särs <Camillo.Sars@DataFellows.com>
Subject: Re: Trust and Transitivity
From: "E. Gerck" <egerck@laser.cps.softex.br>
Date: Fri, 23 May 1997 09:58:01 -0300 (EST)
Cc: Tony Bartoletti <azb@llnl.gov>, spki@c2.net
In-Reply-To: <Pine.SGI.3.96.970523103233.9694J-100000@tinasolttu.cs.hut.fi>
Reply-To: "E. Gerck" <egerck@laser.cps.softex.br>
Sender: owner-spki@c2.net

On Fri, 23 May 1997, [ISO-8859-1] Camillo Särs wrote:

-> -----BEGIN PGP SIGNED MESSAGE-----
-> 
-> On Thu, 22 May 1997, E. Gerck wrote:
-> 
-> > 1. Skywalker signs Alice's key with tag X, so Skywalker trusts Alice in
-> > matters of X,
-> > 
-> > 2. Skywalker meets Bob and Bob decides that he trusts Skywalker in matters
-> > of X.
-> > 
-> > The question is: "Can you say that Bob trusts Alice in matters of X, based
-> > on the two assertions before?" 
-> > 
-> > The answer is "No". Let's see why.
-> 
-> This is certainly correct, but I don't think it really is relevant.

Camillo:

Yes, it is relevant and it provides further logical consequences, which
allow us to prove that "trust on matters of X" does NOT imply "trust on
assigning trust on matters of X", which would be "transitive trust". 

Let's proceed with further logical consequences from 1 and 2:

3. Because Bob decided that he trusts Skywalker's in matters of X, this
means that Bob can sign Skywalker's certificate on matters of X. (Easy)

4. Yet, Bob did NOT decide whether he trusts Skywalker's avaliation of
other people on matters of X and so Bob does NOT sign Alice's certificate
in matters of X. 

(for example, Skywalker could be an excellent boxeur and be trusted on
matters of the excellency of his fights but that does not mean he can be
trusted to evaluate other boxeurs to be excellent in their fights -- e.g.,
as a coach)

Here, it is important to note that (4) is true in two cases: (i) Bob did
NOT decide whether he trusts Skywalker's avaliation or, (ii) Bob decided
that he does NOT trust Skywalker's avaliation. An absence of judgement
means lack of base for decision.

The only case where Bob could sign Alice's certificate based on 1 to 2
above is if you introduce a fifth condition: 

5. Bob decides that he trusts Skywalker on matters of Y, where Y is
Skywalker's *certainty* that he can correctly decide whether *anyone*
can be trusted in matters of X or not.

If you take out **one** of the words: certainty or anyone, then 5 also
does NOT allow 1 and 2 to logically support Bob's decision to sign Alice's
certificate on matters of X. 

(note that *anyone* is necessary because Bob does NOT know Alice)

In summary, Bob's decision to trust Skywalker on matters of X does NOT
imply that he trusts Skywalker on matters of Y. 

Because Y would be the "transitive trust" property, this means that
"transitive trust" is negated. 

-> snip, already commented above>

Yours,

Ed Gerck

______________________________________________________________________
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
http://novaware.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533

Follow-Ups:

Re: Trust and Transitivity

From: Camillo Särs <Camillo.Sars@DataFellows.com>

References:

Re: Trust and Transitivity

From: Camillo Särs <Camillo.Sars@DataFellows.com>

Prev by Date: Re: Trust and Transitivity
Next by Date: Re: definition of cert - trust in SPKI certs
Prev by thread: Re: Trust and Transitivity
Next by thread: Re: Trust and Transitivity
Index(es):
- Main
- Thread