
Re: Trust and Transitivity



I think you are missing the point here. Because the validity of the
delegated certificate is the intersection of your validity to X and the
validity of his delegation to anyone else, you should be sure that you made
this period short enough so that it is unlikely that X has suddenly become
untrustworthy. Trust should not be delegated in other situations.

Jim Rome

At 10:07 AM 5/23/97 -0600, Baber Amin wrote:
>I agree with Ed that trust is not transitive, but if I give X permission to
>delegate, then I trust X to be responsible enough to make my trust in X
>transitive.  Obviously, it needs to be set up in a fashion, so that when I
>revoke my delegation certificate to X, anybody that X has delegated to on my
>behalf also becomes null and void.  An example where this type of delegation
>might be useful would be:
>Alice gives Bob a cert to act as her in her absence.
>Bob needs to leave on a family emergency and can't get hold of Alice, so he
>delegates Alice's cert to Trudy.
>Now Alice could have given a cert to Bob and Trudy both, before she left,
>but she gave Bob a delegation cert and trusted his judgement not to abuse
>the delegation.
>
>:)
>
>Baber
>
>
>
>_________________________________________________
>Rise above the clouds and  the master
>pilot will guide you through the turbulence.
>
>Baber Amin
>801.861.5285
>bamin@novell.com
>
>>>> "E. Gerck" <egerck@laser.cps.softex.br> 05/23/97 08:32AM >>>
>On Fri, 23 May 1997, [ISO-8859-1] Camillo SSrs wrote:
>
>-> snip >
>-> the privileges of the certificate.   So we agree that trust is not
>-> transitive, and I claim that SPKI makes the same basic assumption by
>-> requiring express permission to delegate.  And if I'm wrong, I'm quite
>-> sure someone will correct me.
>-> 
>
>That was my first point in that e-mail! Trust is not transitive and it
>is a "leap-of-faith" to give someone "permission to delegate". It is not
>trust, it is faith.
>
>While accepting a "leap-of-faith" may be something unavoidable -- even for
>a business -- it is not correct to "certify" such an illogical statement and
>dress it with an appearance of logic.
>
>"Certifying" a leap-of-faith opens the door to implicit spoofing
>situations (where someone may accept that at face value) or to plain wrong
>decisions such as trusting Khadaffi on matters of X because you trust your
>boss and he trusts Khadaffi on matters of X.
>
>It is also wrong legally and would not be accepted as a legal excuse to
>avoid responsibility "because I was just following orders that I trusted".
>Nuremberg showed that.
>
>Does SPKI accept such leaps-of-faith? It seems so and that is fine. At
>least it is a type of referral and some trust can be assigned to your boss
>-- so you could also trust to some degree what he also trusts.
>
>What is, however, wrong is to say that "could also trust to some degree
>what he also trusts"  means "must also 100% trust what he also trusts".
>
>Since trust is not transitive and trying to use it could lead to an
>untrusted situation, the question is then: can both "trust" and "could
>also maybe trust" be present on equal footing in the same certificate or
>equally result from the same certificate?
>
>Yours,
>
>Ed Gerck
>______________________________________________________________________
>Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br 
>http://novaware.cps.softex.br 
>P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533  
>
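
Added example, not part of the original thread: a minimal Python model of the rules discussed in the messages above, namely that a delegated certificate is valid only in the intersection of the validity periods along the chain, that delegation requires express permission, and that revoking the first delegation voids everything issued under it. The Cert record, the chain_validity function and the dates are constructed for illustration and are not SPKI's certificate format.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    not_before: datetime
    not_after: datetime
    may_delegate: bool  # express permission to delegate further


def chain_validity(chain: List[Cert], root: str,
                   revoked: FrozenSet[Tuple[str, str]] = frozenset()
                   ) -> Optional[Tuple[datetime, datetime]]:
    """Return the (start, end) window in which the chain authorizes its
    last subject on behalf of root, or None if the chain is void."""
    if not chain or chain[0].issuer != root:
        return None
    start, end = chain[0].not_before, chain[0].not_after
    for i, cert in enumerate(chain):
        # Revoking any link voids that link and everything delegated below it.
        if (cert.issuer, cert.subject) in revoked:
            return None
        if i > 0:
            prev = chain[i - 1]
            # Each link must be issued by the previous subject, and that
            # subject must have been expressly allowed to delegate.
            if prev.subject != cert.issuer or not prev.may_delegate:
                return None
        # Effective validity is the intersection of all periods so far.
        start = max(start, cert.not_before)
        end = min(end, cert.not_after)
    return (start, end) if start <= end else None


# Constructed sample: Alice delegates to Bob for one week, Bob to Trudy for longer.
ALICE_BOB = Cert("Alice", "Bob", datetime(1997, 5, 20), datetime(1997, 5, 27), True)
BOB_TRUDY = Cert("Bob", "Trudy", datetime(1997, 5, 23), datetime(1997, 6, 30), False)
CHAIN = [ALICE_BOB, BOB_TRUDY]

if __name__ == "__main__":
    print(chain_validity(CHAIN, "Alice"))                      # window clipped by Alice's cert
    print(chain_validity(CHAIN, "Alice", frozenset({("Alice", "Bob")})))  # revoked at the top
```

Trudy's window ends when Alice's certificate to Bob ends, however long Bob made his own delegation, which is why a short period on the first certificate bounds the exposure.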