[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Trust and Transitivity
This discussion reminds me of the Trusted Computer Base Evaluation Criteria model, from the governments of the USA, Canada and England. It has object typing and with a trust model. I am not exactly sure it matchs the exact issues of what you are discussing, since I follow this list off and on. It is based on" ideals and lattice theory". In a very simplified statement, one can trust some one equal or higher, but not someone lower in the hierachy. Example if A is rated as medium-sensitive and B is rated as very-sentitive. Then A could trust B, But B could not Trust A.
Now this is transitive in one direction A trust B and B trusts C implies that A trusts C, but not C trusts A.
Hope I did not miss the mark on this dialogue. If so forgive....
From: Ken Rowe [SMTP:firstname.lastname@example.org]
Sent: Thursday, May 22, 1997 8:30 PM
To: Tony Bartoletti
Cc: email@example.com; firstname.lastname@example.org
Subject: Re: Trust and Transitivity
I agree, trust is transitive.
When looking at the trust relationships in a system you need to
consider whether you have transitive closure. This is especially
true for "certificates."
At 04:53 PM 5/22/97 -0700, Tony Bartoletti wrote:
>Ed Gerck wrote "However, trust is not transitive."
>I believe that, functionally speaking, trust IS transitive, in as much as we
>speak to the limited domains of trust represented by signed (auth tag) certs.
>When I sign your key with the tag X, I am saying that I trust you to be
>(honest, knowledgeable, use-good-judgement) in matters of X. I may not
>trust Khaddafi in such matters, or think that I do not, but if YOU do and
>you are basing your actions on his behalf, than I am implicitly trusting
>Khaddafi. Had I known that you get your direction from Khaddafi, I might
>not have placed trust in you in the first place, but that is a another issue.
>My two cents.