
Re: Trust and Transitivity

Thanks to all who have engaged this thread, and especially to Bill Frantz and
Brian Thomas for bringing clarity to what I intended by my original statements.

I used the term "trust" in the mechanical sense, meaning that I have recorded
a decision to transfer some range of authority to another entity via a signed
key (certificate).  At best, PKI serves to provide a mathematically "ironclad"
means of executing, recording and tracing these mechanical decisions to grant
(or revoke) authority.  In this limited sense, the "trust" represented by a
certification is transitive, and transitive closure is what we seek in the
validation of a certificate chain, or certificates have no value whatsoever.

We would like to establish and maintain trust in the metaphysical sense.  The
degree to which we cannot is influenced by many factors, the great majority of
which involve human nature and cannot be addressed in other ways.  But some of
the reasons trust fails ARE attributable to weak mechanics, and PKI serves to
eliminate (ok, mitigate) many of these mechanical concerns.
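
The mechanical sense of transitivity described in this message, as an added example that is not part of the original post: a grant passes on only the authority its issuer actually holds, and revoking one grant removes everything derived from it. The entity names, scope labels and the `Grant` record are hypothetical, and signature verification is assumed to have already succeeded for every record.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    """One recorded decision: issuer transfers `scope` to subject.
    Stands in for a certificate whose signature is assumed verified."""
    issuer: str
    subject: str
    scope: frozenset

def effective_authority(anchors, grants, revoked=frozenset()):
    """Transitive closure of authority over the unrevoked grants.

    anchors maps each trust anchor to the authority it holds outright.
    A grant conveys scope & (issuer's authority), so a chain can narrow
    authority but never widen it. Iterating to a fixed point also covers
    cross-certification cycles, which cannot create authority from nothing.
    """
    held = {name: set(scope) for name, scope in anchors.items()}
    live = [g for g in grants if g not in revoked]
    changed = True
    while changed:
        changed = False
        for g in live:
            passed = g.scope & held.get(g.issuer, set())
            target = held.setdefault(g.subject, set())
            if not passed <= target:
                target |= passed
                changed = True
    return held

# Constructed sample data (hypothetical names and scopes).
ANCHORS = {"root": {"issue-tls", "sign-email", "sign-code"}}
G_ROOT_CA1 = Grant("root", "ca1", frozenset({"issue-tls", "sign-email"}))
# ca1 claims to pass on "sign-code", which it was never given.
G_CA1_CA2 = Grant("ca1", "ca2", frozenset({"issue-tls", "sign-code"}))
G_CA2_SRV = Grant("ca2", "server", frozenset({"issue-tls"}))
# Cross-grant back to ca1, forming a cycle.
G_CA2_CA1 = Grant("ca2", "ca1", frozenset({"sign-code"}))
GRANTS = [G_ROOT_CA1, G_CA1_CA2, G_CA2_SRV, G_CA2_CA1]

if __name__ == "__main__":
    for title, revoked in (("all grants live", frozenset()),
                           ("root->ca1 revoked", frozenset({G_ROOT_CA1}))):
        print(title)
        for name, scope in effective_authority(ANCHORS, GRANTS, revoked).items():
            print(f"  {name}: {sorted(scope)}")
```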