[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Summary Trust x Delegation
David P. Kemp wrote, in part:
>This thought process (i.e. this mental model of thinking about SPKI
>certificates) seems backwards to us X.509 types.
>In my mind, the issuer does not trust the recipient (verifier), nor
>does it request (politely or otherwise) that verifiers do anything.
>Rather the verifier trusts the issuer. The issuer does not create
>authorizations that can be delegated, the issuer merely provides a
>trustable service for use by subjects and verifiers.
>In the X.509 model, the verifier is central. The verifier controls
>access to resources, and it's up to the verifier to collect whatever
>information it needs to make a decision. The verifier enforces policy,
>and the verifier decides which issuers it trusts. The issuer may write
>it's own policy (Certification Practice Statement), but its up to the
>verifier to read the CPS and decide to what extent it will rely upon
>certificates created by that issuer.
The reason SPKI appears backward in this regard is that, for SPKI, the
verifier is assumed to be the (root) issuer of the authority in question.
The verifier is still central.
I believe we need a term, other than "trust", to reference what we intend
by the flow of mechanical reliance afforded by the mathematical operations.
(I.e., In contrast to the "trust" we place in the difficulty of factoring.)