
The role of trust in certification

[The subject above was discussed here last December. This posting
 offers a further new twist]

Suppose we would paraphrase Augustine of Hippo (Ts. 132) and would
discuss: "whether certificates are trustful because they certify, or
certify because they are trustful." Then, like him, we might give the
"doubtless reply" that they certify because they are trustful. 

On one level this is a fairly straightforward expression of the
objectivist stance that trust is a quality of the certificate itself, as
opposed to the subjectivist stance that trust is relative to the user (or,
in other words, "trust is in the eyes of the beholder"). However, the risk
is borne by the user (ie, the verifier, the relying party) who is in the
subjective stance, so we must reject here the notion that trust is somehow
embedded or infused in the certificate and accept that trust must be a
concept relative to the user's point of view.

Thus, for certificates, "trust is relative to the user" and "certificates
are trustful because they certify" -- not the other way around. 

The logical expression "certificates are trustful because they certify"
has a far-reaching consequence: that trust on the certificate will be
transferred to the user not from the certificate itself (the objective
view) but from the user's perceived assurance (which must be received from
a different information channel than the certificate itself, such as legal
reliance on a CA's CPS, friendship reliance on a PGP's web-of-trust or
protocol reliance on the Meta-Certificate Standard) that the certificate
will work as desired -- it will certify. 

Therefore, one may say that a certificate is like a tool, that is trusted
because it is expected that it will work, while trust is a result of the
user's perceived assurance on a set of declarations. The role of trust in
certification is thus to be earned, not merely assigned. 

Even though other logical unfoldments will be pursued elsewhere, regarding
CAs, TTPs, etc., there is one direct (and expected) consequence which is
worth mentioning here: 

 In any certification system, what makes a certificate trustworthy is not
 any magically infused trust from the certificate's issuer (eg, the CA). 
 Rather, a certificate is trustworthy as decided by the user (ie, the
 party that relies on the information -- who is at risk), based on the
 trust the user decides to place in the certificate's issuer and as a
 function of perceived risks, costs, threats, situation, etc. 

(text sections copied from [1])

Comments are welcome.




[1] "Overview of Certification Systems: X.509, CA, PGP and SKIP" in

[2] "Towards a real-world model of trust" in http://www.mcg.org.br/trustdef.txt

Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br