[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Summary Trust x Delegation
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 24 May 1997, William Allen Simpson wrote:
> > From: "E. Gerck" <email@example.com>
> > We have the following *main* groups, propositions and comments:
> > A. "Trust is not transitive" is a fact in all cases even with perfect
> > B. "Trust is not transitive" only if you take forgery and unlawful acts
> > C. "Trust is transitive". There is no issue about it and delegation is a
> I'm sorry, but that's not what I got out of the debate at all.
I agree, as the debate progressed, I got a feeling we were quickly
losing focus. Even the initial section of the SPKI draft assumes
trust, that is, every private key is stored securely and never given
to a third party.
> I saw folks indicate that trust is not an objective protocol issue,
> it is a subjective human motivation.
Indeed, this is what I saw as well. If we are discussing trust
vs. delegation, the important thing to note, IMHO, is that they are
If I trust someone, I can give him or her an authorization to do
something. If I choose, I can even give him the authorization to
further delegate this authorization. Now note - this is a statement
of trust, I trust him or her to only use the delegation correctly.
If this subject uses this trust incorrectly, the same can easily be
achieved by other means. The subject can use his or her authorization
for the wrong purposes, or even hand over his or her private key to
some third party - the ultimate delegation.
> The protocol issues are "authentication", "authorization", and
And the matter of trust is the interpretation of such authentication,
authorization and delegation. As I see it, the interpreter of SPKI
certificates sets his own trust policy - independent of the protocol.
Then again, this is only my interpretation.
Camillo Sdrs <Camillo.Sars@DataFellows.com> Data Fellows Ltd.
http://www.Europe.DataFellows.com/ Secure Networking(tm) with
http://www.iki.fi/ged F-Secure SSH
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----