[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Summary Trust x Delegation
Stef Hoeben <Stefan.Hoeben@esat.kuleuven.ac.be> writes:
>At 03:58 PM 5/24/97 GMT, William Allen Simpson wrote:
>>The protocol issues are "authentication", "authorization", and
>Doesn't SPKI have to solve this trust problem before people will
>be able to use this, or is there allready a solution?
As someone who is impatiently waiting for the SPKI draft to reach the
implementation phase, I have to say I find all this nonsense about
"this trust problem" deeply discouraging.
The statement above makes as much sense to me as, "doesn't contract law have
to solve the trust problem before people can use it?"
There is no "trust problem". Anybody can betray anybody else's trust at
any time. That's life. As far as a protocol is concerned, there is no such
thing as trust.
The problem which needs to be solved is the "accountability problem", which is,
how do you handle violations of trust. For this, you need authentication,
authorization, delegation, auditability, and a sanctions mechanism. SPKI
provides the first three. The fourth is a function of the systems in which
SPKI is embedded, and the fifth is a matter for the users of said systems.
So, when can we expect reference code so people can start implementing this?