Re: The role of trust in certification, was Augustine (fwd)

Parts of this message have been cited here, without specifying the
source. Einar has authorized it to be quoted and so I am including it in
full except my original message (Re above), which was basically the same
that I posted here.

Thank you,

Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
    --- Meta-Certificate Group member, http://www.mcg.org.br ---

---------- Forwarded message ----------
Date: Wed, 11 Feb 1998 20:47:25 -0800
From: Einar Stefferud <Stef@nma.com>
To: Ed Gerck <egerck@laser.cps.softex.br>
Subject: Re: Augustine 

I believe that one of the big reasons why the Computer Crypto
Community has long been going down the wrong (certify because they are
trustful) path is because the early players were dominated by Military
Intelligence players, and CIA/KGB minded folk.

And, I believe it is true in their world that they need to use "certify
because they are trustful" logic.  In that world, a spy contracts to
work for a spymaster who gives him codes and instructs him to trust
the people the spymaster tells him to trust.  That is not the "other
world" of business where trust is earned, not merely assigned.

In the spy world, it is not possible to not trust your handler, as
there is no one else to trust, or you must turn to your enemy and
accept a new list of trusted parties, using the same trust model.

It is my belief that this has long tainted the whole area of research
and development of certificates, et al.

PGP clearly does not use the CIS/KGB model, in which trust is
transitive, though I am not sure that they are taint free;-)...