[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summary Trust x Delegation

To: William Allen Simpson <wsimpson@greendragon.com>
Subject: Re: Summary Trust x Delegation
From: Camillo Särs <Camillo.Sars@DataFellows.com>
Date: Sun, 25 May 1997 12:47:10 +0300 (EEST)
Cc: spki@c2.net
In-Reply-To: <5953.wsimpson@greendragon.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 24 May 1997, William Allen Simpson wrote:

> > From: "E. Gerck" <egerck@laser.cps.softex.br>
> > We have the following *main* groups, propositions and comments:
> >
> > A. "Trust is not transitive" is a fact in all cases even with perfect
> > B. "Trust is not transitive" only if you take forgery and unlawful acts
> > C. "Trust is transitive". There is no issue about it and delegation is a
> 
> I'm sorry, but that's not what I got out of the debate at all.

I agree, as the debate progressed, I got a feeling we were quickly
losing focus.  Even the initial section of the SPKI draft assumes
trust, that is, every private key is stored securely and never given
to a third party.

> I saw folks indicate that trust is not an objective protocol issue,
> it is a subjective human motivation.

Indeed, this is what I saw as well.  If we are discussing trust
vs. delegation, the important thing to note, IMHO, is that they are
separate. 

If I trust someone, I can give him or her an authorization to do
something.  If I choose, I can even give him the authorization to
further delegate this authorization.  Now note - this is a statement
of trust, I trust him or her to only use the delegation correctly.

If this subject uses this trust incorrectly, the same can easily be
achieved by other means.  The subject can use his or her authorization
for the wrong purposes, or even hand over his or her private key to
some third party - the ultimate delegation.

> The protocol issues are "authentication", "authorization", and
> "delegation".

And the matter of trust is the interpretation of such authentication,
authorization and delegation.  As I see it, the interpreter of SPKI
certificates sets his own trust policy - independent of the protocol. 

Then again, this is only my interpretation.  

Regards,

Camillo

Camillo Sdrs <Camillo.Sars@DataFellows.com>     Data Fellows Ltd.
F-Secure Support
http://www.Europe.DataFellows.com/              Secure Networking(tm) with
http://www.iki.fi/ged                           F-Secure SSH

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQBVAwUBM4gKpCMP5Zqzh/pfAQGDaQIA2fvjl50OB5ERjP5h++X9RSwMNYWNzKNX
S4yF8vBLC2DyBTn2PSvQdkUIuOdRGZuslHZW7NuKXdiB12TyTVb1Cw==
=qs2T
-----END PGP SIGNATURE-----

References:

Summary Trust x Delegation

From: "William Allen Simpson" <wsimpson@greendragon.com>

Prev by Date: Summary Trust x Delegation
Next by Date: No Subject
Prev by thread: Summary Trust x Delegation
Next by thread: Re: Summary Trust x Delegation
Index(es):
- Main
- Thread