
Re: on the nature of trust

Ben Laurie wrote:
> Marc Branchaud wrote:
> >
> > Ben Laurie wrote:
> > >
> > > Marc Branchaud wrote:
> > > > Without some externally transmitted trust, what we have is a kind of Turing
> > > > test for trust -- is it really Ed, or just an incredible simulation?  This
> > > > might be an easy question to answer in a trivial context, but I think that an
> > > > external trust channel would be needed in a situation of any significance.
> > >
> > > But isn't this the essence of trust? No-one can devise a protocol that
> > > will make me trust things, can they? This "external trust channel" can
> > > only exist if I trust it. And will that trust come from an "external
> > > external trust channel trust channel"? I think not.
> > >

[ ... ]

> > The same paradigm applies to online messaging: you trust a message because
> > you've received enough other information in some external way.
> Or the value of the information is sufficiently low that the "balance of
> trust" (as it were) swings in the right direction. But what is the
> _point_ of all this? If we look at the CA-centric model of trust, then
> it is the CA that must convince me, with sufficient out-of-band
> information, that I should trust it. One obvious way of doing this is,
> for example, being of sufficient reputation that proving to be
> untrustworthy would be a Bad Thing. Like a bank, for example :-)

I agree with all of that.  The point I was trying to make is that some kind of
external-to-the-transaction trust channel is required.  I think what our
discussion has revealed is that several quanta of trust from many different
sources & channels are probably needed.

I believe SPKI is a pretty good way of conveying that kind of trust with as
little out-of-band communication as possible.  With everyone issuing SPKI
certs for all sorts of stuff, people can gather enough evidence to satisfy
themselves that something is trustworthy.


 Marc Branchaud                                       \/
 Chief PKI Architect                                  /\CERT SOFTWARE INC.
 marcnarc@xcert.com        PKI References page:              www.xcert.com
 604-640-6210x227      www.xcert.com/~marcnarc/PKI/
