[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Summary Trust x Delegation, was Re: Trust and Transitivity

If I may, I would like to summarize what I perceive as the list's trends
today, so we can have an overview of the <long> interesting contributions.

Of course, I had to hash some of the information, but that's what
summaries are supposed to do ;-) 

We have the following *main* groups, propositions and comments:

A. "Trust is not transitive" is a fact in all cases even with perfect
agents, because examples can be found to the contrary (one counter example
is sufficient).  If you want to delegate, that is another story and you
need higher tools such as provided by gauge-theory, Dampster-Shafer
theory, a theory of trust (which we are discussing), checks & balances,
etc. Mixing "trust"  and so-called "transitive trust"  (which actually
would be delegation) on equal footing leads to severe contradictions. 
Agains the notion that trust could propagate with a type of exponential
decay was the concept that trust could go through a type of immediate
"phase-transition" and just disappear in one step -- since you don'tknow
if this step will be the first one, you can't allow trust to propagate.

B. "Trust is not transitive" only if you take forgery and unlawful acts
into account. Then, if you enforce strict laws and penalties you can make
trust transitive and just punish the miscreants. So, delegation can be
equated to transitive trust and future trust decisions be indirectly made
based on past direct trust decisions. There is also one voice that added
that such transitive trust could have a type of "exponential decay" as a
function of number of indirect steps, others spoke of time and number of
steps limit to transitive trust. So trust would be allowed to propagate to
transitive trust, but it should then obey a type of diffusion law, both in
space as well as in time. 

C. "Trust is transitive". There is no issue about it and delegation is a

I include my opinion in group A.

I also would say that if group (C) is right then the SPKI draft does not
have to be changed on the <auth> issues.

However, if (A) or (B) are right, then that must be taken into account in
the draft, the notion of delegation must be made much clearer and the
<auth> issues must be revisited. In a much more profound way if (A) is
closer to reality.

For example, the assigned entity MUST co-sign the cert with the issuer,
and NOT may, as it is today. 

I would like to hear the other opinions on this an maybe we could proceed
from here.


Ed Gerck
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
P.O.Box 1201, CEP13001-970, Campinas-SP, Brazil  - Fax: +55-19-2429533