[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The role of trust in certification

At 09:54 PM 2/12/98 -0200, you wrote:

>Suppose Skywalker would acquire somewhere a list of TTPs so that Skywalker
>would input it to his server and then be ready for e-commerce transactions
>with Alice -- and Alice would do the same for her browser.

This is a decent starting point, for purposes of refinement.  The crucial
point needing refinement being "acquire somewhere a list of TTPs":

1) acquire why?  Why was this particular source for TTP's selected?
Read about them in a magazine?  Saw them on TV?  Recommended by your analyst?

2) acquire how?  email? ssh with previously trusted keys?
certified-snailmail? bonded courier?

3) acquire for?  How to judge suitability to purpose?

Help refine these points (several options here) and then we have something
less academic to chew upon.


>Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
>    --- Meta-Certificate Group member, http://www.mcg.org.br ---

Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL

Follow-Ups: References: