[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The role of trust in certification
At 09:54 PM 2/12/98 -0200, you wrote:
>Suppose Skywalker would acquire somewhere a list of TTPs so that Skywalker
>would input it to his server and then be ready for e-commerce transactions
>with Alice -- and Alice would do the same for her browser.
This is a decent starting point, for purposes of refinement. The crucial
point needing refinement being "acquire somewhere a list of TTPs":
1) acquire why? Why was this particular source for TTP's selected?
Read about them in a magazine? Saw them on TV? Recommended by your analyst?
2) acquire how? email? ssh with previously trusted keys?
certified-snailmail? bonded courier?
3) acquire for? How to judge suitability to purpose?
Help refine these points (several options here) and then we have something
less academic to chew upon.
>Dr.rer.nat. E. Gerck firstname.lastname@example.org
> --- Meta-Certificate Group member, http://www.mcg.org.br ---
Tony Bartoletti LL
SPI-NET GURU LL LL
Computer Security Technology Center LL LL LL
Lawrence Livermore National Lab LL LL LL
PO Box 808, L - 303 LL LL LLLLLLLL
Livermore, CA 94551-9900 LL LLLLLLLL
email: email@example.com phone: 510-422-3881 LLLLLLLL