[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The role of trust in certification
-----BEGIN PGP SIGNED MESSAGE-----
At 04:59 PM 2/13/98 -0500, Bob Blakley wrote:
>I think the answer is that it's what a Certificate *says* that establishes
>a historical context for evaluating trust decisions. The first time I receive
>a certificate, my trust in the parties "behind" the certificate is based on
>blind faith.
>
>The second and subsequent times I rely on the same certificate, the binding
>between the CA key and the acceptor key, and the binding between the acceptor
>key and a signed document, combine to give me confidence (assuming I believe
>in the strength of cryptography; a whole other discussion) that I'm dealing
>with the *same* parties with whom I have a past history. This allows me
>to make trust decisions in the same way I do in the real world with people
>I actually know: on the basis of my observations of their past behavior.
Am I missing something here?
The same characteristic is available with a naked public key, with no
certificate, right?
What you really count on in this logic is that the person/machine operating
the private key is the same in the different instances. The possession and
control of a private key is outside the control of a CA and certainly of a
certificate.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNQgFeRN3Wx8QwqUtAQFJOgP/ZFK6AAIX8Zt7Iw/lGvIN4vMskQar+b7M
ttXybQ819PzglajcgBWpszzBfCcSYSPI61xNraqdaIbx9XUkaAVaV3kFfQSHuRWW
VmYlpYb4IbxeF/OyLL3uevTjsdf+GlPGcSy0r/YvGB41jRUzF+JkPaegEWaM5bZx
lTm4CitiU+Q=
=y8+3
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups:
References: