Re: Trust and Transitivity

On Fri, 23 May 1997, Camillo Särs wrote:

-> snip >
-> the privileges of the certificate.   So we agree that trust is not
-> transitive, and I claim that SPKI makes the same basic assumption by
-> requiring express permission to delegate.  And if I'm wrong, I'm quite
-> sure someone will correct me.

That was my first point in that e-mail! Trust is not transitive and it
is a "leap-of-faith" to give someone "permission to delegate". It is not
trust, it is faith.

While accepting a "leap-of-faith" may be something unavoidable -- even for
a business -- it is not correct to "certify" such an illogical statement and
dress it with an appearance of logic.

"Certifying" a leap-of-faith opens the door to implicit spoofing
situations (where someone may accept that at face value) or to plain wrong
decisions such as trusting Khadaffi on matters of X because you trust your
boss and he trusts Khadaffi on matters of X.

It is also wrong legally and would not be accepted as a legal excuse to
avoid responsibility "because I was just following orders that I trusted".
Nuremberg showed that.

Does SPKI accept such leaps-of-faith? It seems so and that is fine. At
least it is a type of referral and some trust can be assigned to your boss
-- so you could also trust to some degree what he also trusts.

What is, however, wrong is to say that "could also trust to some degree
what he also trusts"  means "must also 100% trust what he also trusts".

Since trust is not transitive and trying to use it could lead to an
untrusted situation, the question is then: can both "trust" and "could
also maybe trust" be present on equal footing in the same certificate or
equally result from the same certificate?


Ed Gerck
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533