[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Trust and Transitivity
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 23 May 1997, E. Gerck wrote:
> Yes, it is relevant and it provides further logical consequences,
> which allow us to prove that "trust on matters of X" does NOT imply
> "trust on assigning trust on matters of X", which would be
> "transitive trust".
I'm afraid I phrased myself badly. What I intended to say was that
from the point of view of SPKI, the default is that the trust is not
transitive. I.e. you have to explicitly make a certificate that can
be delegated for trust to become transitive in the SPKI world.
> 3. Because Bob decided that he trusts Skywalker's in matters of X, this
> means that Bob can sign Skywalker's certificate on matters of X. (Easy)
Which is easily done using an SPKI auth tag.
> 4. Yet, Bob did NOT decide whether he trusts Skywalker's avaliation of
> other people on matters of X and so Bob does NOT sign Alice's certificate
> in matters of X.
Which in SPKI would be expressed by not allowing Skywalker to delegate
the privileges of the certificate. So we agree that trust is not
transitive, and I claim that SPKI makes the same basic assumption by
requiring express permission to delegate. And if I'm wrong, I'm quite
sure someone will correct me.
Camillo Sdrs <Camillo.Sars@DataFellows.com> Data Fellows Ltd.
http://www.Europe.DataFellows.com/ Secure Networking(tm) with
http://www.iki.fi/ged F-Secure SSH
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----