
Re: Summary Trust x Delegation



	From owner-spki@c2.net Wed May 28 20:38:12 1997
	Organization: ESAT, K.U.Leuven, Belgium
	Date: Wed, 28 May 1997 13:02:44 +0200 (MET DST)
	From: Stef Hoeben <Stefan.Hoeben@esat.kuleuven.ac.be>
	X-Sender: hoeben@dante
	To: spki@c2.net
	Subject: Re: Summary Trust x Delegation
	Message-ID: <Pine.ULT.3.95.970528124106.19888D-100000@dante>

	At 03:58 PM 5/24/97 GMT, William Allen Simpson wrote:
	>> From: "E. Gerck" <egerck@laser.cps.softex.br>
	>> We have the following *main* groups, propositions and comments:
	>>
	>> A. "Trust is not transitive" is a fact in all cases even with perfect
	>> B. "Trust is not transitive" only if you take forgery and unlawful acts
	>> C. "Trust is transitive". There is no issue about it and delegation is a
	>
	>I'm sorry, but that's not what I got out of the debate at all.
	>
	>I saw folks indicate that trust is not an objective protocol issue, it
	>is a subjective human motivation.
	>
	>The protocol issues are "authentication", "authorization", and
	>"delegation".
	>
	>SPKI needs to clearly indicate how each is handled.  I think that it
	>does a reasonable job so far, but anticipate cleaning up the text.
	 
	But the problem remains that the PKIs at the moment are not usable
	(special purpose stuff like SET, ... excluded) BECAUSE you can't
	trust the certificates. The above looks to me like playing with
	words, which goes around this problem. See below for an example.

	Greetings, Stef

	Last week, you decided to trust Skywalker on matters of X because
	you have a SPKI cert signed by Bob, saying Skywalker never let 
	anyone down in matters of X. And you trust Bob.
	Today, X turns out to be a big mess (Skywalker doesn't like you,
	someone faked the cert, Bob mixed Skywalker with Darth Vader, ...)
	--> You're in trouble (unless you can use some laws like X.509
	 may solve the problem with the CA-legislation) and you can't
	 do anything about it. 
	 SO THIS IS NOT USABLE (imho).

	Doesn't SPKI have to solve this trust problem before people will
	be able to use this, or is there already a solution?