[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: on the nature of trust


>Date: Fri, 23 Jan 1998 08:14:49 -0200 (EDT)
>From: Ed Gerck <egerck@laser.cps.softex.br>
>Reply-To: Ed Gerck <egerck@laser.cps.softex.br>
>To: MCG <mcg-talk@novaware.cps.softex.br>
>Subject: Towards a real-world model of trust
>Message-ID: <Pine.LNX.3.95.980123035630.4059D-100000@laser.cps.softex.br>
>MIME-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>Status: RO

>Today's protocols such as X.509, PGP and others, take a leap of ignorance
>on what trust is and start by defining means to convey it. Such attitude
>is not even empirical, it is indeed arbitrary. To justify this leap of
>ignorance, standards such as X.509 have statements to the effect that "...
>such will be defined in the CPS, which is not a part of this document." --
>as if assumptions could be defined after the theorems that use them.


	that was a beautifully written paragraph!

>Thus, loosely speaking, information is what you do not know and trust is
>what you know. 

This is an interesting approach.  Of course, by this definition what we're 
dealing with in SPKI is what we know -- confirmed knowledge -- rather than
trust.  PGP comes closest to using trust by this definition.  Right?

>trust: "trust is that which is essential to a communication channel but
>which cannot be transferred from a source to a destination using that
>channel" ,

Again -- an interesting concept.

>To answer this question, we must now look at the mathematical properties
>of trust. This is also similar to Shannon's approach -- when the
>logarithmic function was found very useful to represent information
>content and allowed new insights. As in [5], trust has the following
>main mathematical properties: 
> - not transitive
> - not distributive
> - not symmetric
>where the reader can see the first two properties exemplified on-line in
>[5].  The last property is straightforward: the fact that a lion trusts
>a lamb does not mean that the lamb trusts the lion. 

I think this too is an interesting discussion, but by this point I believe 
you should have introduced my favorite point.

I knew a woman once whose husband drove their one car to work, so I 
used to give her rides home from work and to other activities.  I asked her 
husband once if he minded that I was driving his wife around.  He said, "No, 
I trust her."  Well, I trusted her too, because we developed a friendship 
and she told me what was on her mind.  I learned from her about the several 
affairs she was having in the office and outside.  We both trusted her but
it's clear we believed different things when we each said "I trust her".

To me, this demonstrates the killer flaw in the way we use the word trust.  
US currency says "In God we trust".  That's about the only valid use of the 
naked word "trust" I will admit to.  Otherwise, we need to declare what we 
believe about a person -- or what attribute that keyholder has, in our 
context -- not something as nebulous as "trust".

>Neither can trust be thought of as a type of authorization loop, where
>trust flows from the source to the destination and back to the source,
>similar to a battery and electric current. [6]

No, I don't believe trust can, the way you've defined trust.  However, 
authorization can -- and does.  I'll do another pass over the draft
and make sure I don't use the word trust in appropriately.
 - Carl

Version: PGP for Personal Privacy 5.5.3


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |