[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The role of trust in certification

To: Bob Blakley <blakley@us.ibm.com>
Subject: Re: The role of trust in certification
From: Carl Ellison <cme@cybercash.com>
Date: Thu, 12 Mar 1998 10:55:38 -0500
Cc: <uri@watson.ibm.com>, <egerck@laser.cps.softex.br>, <spki@c2.net>
In-Reply-To: <5040300012569838000002L082*@MHS>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 04:59 PM 2/13/98 -0500, Bob Blakley wrote:
>I think the answer is that it's what a Certificate *says* that establishes
>a historical context for evaluating trust decisions.  The first time I receive
>a certificate, my trust in the parties "behind" the certificate is based on
>blind faith.
>
>The second and subsequent times I rely on the same certificate, the binding
>between the CA key and the acceptor key, and the binding between the acceptor
>key and a signed document, combine to give me confidence (assuming I believe
>in the strength of cryptography; a whole other discussion) that I'm dealing
>with the *same* parties with whom I have a past history.  This allows me
>to make trust decisions in the same way I do in the real world with people
>I actually know: on the basis of my observations of their past behavior.

Am I missing something here?

The same characteristic is available with a naked public key, with no 
certificate, right?

What you really count on in this logic is that the person/machine operating 
the private key is the same in the different instances.  The possession and 
control of a private key is outside the control of a CA and certainly of a 
certificate.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNQgFeRN3Wx8QwqUtAQFJOgP/ZFK6AAIX8Zt7Iw/lGvIN4vMskQar+b7M
ttXybQ819PzglajcgBWpszzBfCcSYSPI61xNraqdaIbx9XUkaAVaV3kFfQSHuRWW
VmYlpYb4IbxeF/OyLL3uevTjsdf+GlPGcSy0r/YvGB41jRUzF+JkPaegEWaM5bZx
lTm4CitiU+Q=
=y8+3
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

key revocation (was Re: The role of trust in certification)

From: Carl Ellison <cme@cybercash.com>

References:

Re: The role of trust in certification

From: Bob Blakley <blakley@us.ibm.com>

Prev by Date: Re: re. name cert meaning
Next by Date: public key algorithm naming
Prev by thread: Trust is NOT knowledge, was Re: The role of trust in certification
Next by thread: key revocation (was Re: The role of trust in certification)
Index(es):
- Main
- Thread