[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trust and Transitivity

To: Camillo.Sars@DataFellows.com, egerck@laser.cps.softex.br
Subject: Re: Trust and Transitivity
From: Baber Amin <BAMIN@novell.com>
Date: Fri, 23 May 1997 10:07:23 -0600
Cc: spki@c2.net, azb@llnl.gov
Sender: owner-spki@c2.net

I agree with Ed that trust is not transitive, but if I give X permission to
delegate, then I trust X to be responsible enough to make my trust in X
transitive.  Obviously, it needs to be setup in a fashion, so that when I
revoke my delegation certificate to X, anybody that X has delegated to on my
behalf also becomes null and void.  An example where this type of delegation
might be useful would be:
Alice gives Bob a cert to act as her in her absence.
Bob needs to leave on a family emergency and can't get hold of Alice, so he
delegates Alice's cert to Trudy.
Now Alice could have given a cert to Bob and Trudy both, before she left,
but she gave Bob a delegation cert and trusted his judgement not to abuse
the delegation.

:)

Baber



_________________________________________________
Rise above the clouds and  the master
pilot will guide you through the turbulence.

Baber Amin
801.861.5285
bamin@novell.com

>>> "E. Gerck" <egerck@laser.cps.softex.br> 05/23/97 08:32AM >>>
On Fri, 23 May 1997, [ISO-8859-1] Camillo SSrs wrote:

-> snip >
-> the privileges of the certificate.   So we agree that trust is not
-> transitive, and I claim that SPKI makes the same basic assumption by
-> requiring express permission to delegate.  And if I'm wrong, I'm quite
-> sure someone will correct me.
-> 

That was my first point in that e-mail! Trust is not transitive and it
is a "leap-of-faith" to give someone "permission to delegate". It is not
trust, it is faith.

While accepting a "leap-of-faith" may be something unavoidable -- even for
a business -- it is not correct to "certify" such ilogical statement and
dress it with an appearance of logic.

"Certifying" a leap-of-faith opens the door to implicit spoofing
situations (where someone may accept that at face value) or to plain wrong
decisions such as trusting Khadaffi on matters of X because you trust your
boss and he trusts Khadaffi on matters of X.

It is also wrong legally and would not be accepted as a legal excuse to
avoid responsibility "because I was just following orders that I trusted".
Nuremberg showed that.

Does SPKI accept such leaps-of-faith? It seems so and that is fine. At
least it is a type of referral and some trust can be assigned to your boss
-- so you could also trust to some degree what he also trusts.

What is, however, wrong is to say that "could also trust to some degree
what he also trusts"  means "must also 100% trust what he also trusts".

Since trust is not transitive and trying to use it could lead to an
untrusted situation, the question is then: can both "trust" and "could
also maybe trust" be present on equal footing in the same certificate or
equally result from the same certificate?

Yours,

Ed Gerck
______________________________________________________________________
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br 
http://novaware.cps.softex.br 
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533

Prev by Date: Re: definition of cert - trust in SPKI certs
Next by Date: Re: Trust and Transitivity
Prev by thread: Re: Trust and Transitivity
Next by thread: Re: Trust and Transitivity
Index(es):
- Main
- Thread