[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Trust and Transitivity

This discussion reminds me of the Trusted Computer Base Evaluation Criteria model, from the governments of the USA, Canada and England. It has object typing and with a trust model. I am not exactly sure it matchs the exact issues of what you are discussing, since I follow this list off and on.  It is based on" ideals and lattice theory".  In a very simplified statement, one can trust some one equal or higher, but not someone lower in the hierachy.  Example if A is rated as medium-sensitive and B  is rated as very-sentitive. Then A could trust B, But B could not Trust A.

Now this is transitive in one direction A trust B and B trusts C implies that A trusts C,  but not C trusts A.

Hope I did not miss the mark on this dialogue. If so forgive....

Later, Rik

-----Original Message-----
From:	Ken Rowe [SMTP:kerowe@ncsa.uiuc.edu]
Sent:	Thursday, May 22, 1997 8:30 PM
To:	Tony Bartoletti
Cc:	spki@c2.net; egerck@laser.cps.softex.br
Subject:	Re: Trust and Transitivity

I agree, trust is transitive. 
When looking at the trust relationships in a system you need to 
consider whether you have transitive closure.  This is especially 
true for "certificates."

At 04:53 PM 5/22/97 -0700, Tony Bartoletti wrote:
>Ed Gerck wrote "However, trust is not transitive."
>I believe that, functionally speaking, trust IS transitive, in as much as we
>speak to the limited domains of trust represented by signed (auth tag) certs.
>When I sign your key with the tag X, I am saying that I trust you to be
>(honest, knowledgeable, use-good-judgement) in matters of X.  I may not
>trust Khaddafi in such matters, or think that I do not, but if YOU do and
>you are basing your actions on his behalf, than I am implicitly trusting
>Khaddafi.  Had I known that you get your direction from Khaddafi, I might
>not have placed trust in you in the first place, but that is a another issue.
>My two cents.