[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The role of trust in certification

Carl Ellison writes:
 > At 03:30 PM 2/12/98 -0800, Tony Bartoletti wrote:
 > >This debate regarding "I use because I trust" vs "I trust because I used" is
 > >interesting, but any hopes of resolution can only occur in a theoretical
 > >arena.
 > I wish people would stop using the naked word "trust".
 > US currency says "In God we trust".
 > I can't think of any human I trust without qualification.  For people, I 
 > might say the words "I trust her", but I always finish those words with the 
 > thought "to ________" or "to be __________".

However, it is perfectly fine for someone to use the word trust in a
naked way (ie, intransitive), without being "sloppy"or using implicit
language. For example, in the sense of "I place confidence in her" or
also in the sense of hope, such as, respectively, "trust in God" or
"trust to luck" -- with still other examples to follow next.

I would say that linguistically speaking trust can be indeed be either
transitive or intransitive -- and the same should be modelled in
protocols, following a "real-world" model of trust.

Clearly, we need to use natural languages more and more in very
precise terms when we start to quantify subjective relationships --
while we need to use computer languages more and more in very fuzzy
terms when we start to model human thought and social processes. 

So, it is no surprise that the social and linguistic uses of the word
trust should be one day finaly mathematically investigated -- unless
we always want to start de novo with Humpty-Dupmty declarations and
unrealistic assumptions for every YAPKI protocol to be invented...

The linguistically transitive meanings of trust can be perfectly well
represented in the expression "A trusts B on matters of X" where X can
be "to do Z", "to be Y" or, whatever, and trust follows the
mathematical definition I presented here, earlier on this thread.

Further, the *same* expression can also represent the linguistically
intransitive apsects of trust, if X == Universe (in the sense of set
theory), then the intransitive mode of real-world trust is also
reflected in the expression "A trusts B on matters of X", for each
case of X == "Universe".

Thus, "I trust you" is perfectly acceptable as "I trust you on
everything at anytime", a strong declaration without doubt but one
that a 4-year old does all the the time to his parents or that some
adults often do when they accept certificates from an unknown CA ;-)

 > This idea that we can establish trust or communicate it is a sample
 > sloppy speaking, AFAIAC.  That's why we didn't call a <tag> "(trust

While some consider better for their peace of mind to stick with
statements like "I delegate to you the permission to <some action,
possibly with qualifiers>" and forget the word "trust" -- I diverge on
a basic fact regarding this attitude, though we may violently agree on
the didactic of it.

"I delegate to you" implies a comunication channel, that this
statement used to propagate from you to me. However, can this channel
be trusted?

Here, trust is a primary concept -- while delegation, authorization
and so on can be shown to be layered concepts, in relationship to

I think that it is OK and fine that SPKI deals with delegation and
authorization  -- but not as a dismissal of trust ... rather as a
*recognition* that trust will NOT be treated in THAT layer (as well as
other topics will not be treated either, such as the age of the
Universe, the UDP packet protocol, etc.).

So, in the same way that SPKI relies on other layers for identity
verification, it also relies on other layers for trust verification
and this fact should NOT be denied (rather, SHOULD be stressed).

This I find to be completely self-consistent with Carl's declaration,
often stated as something similar to: " We believe in separate
certificates  for separate functions, rather than a pool of extensions
to one certificate."

I do not say this to be  a crowd-pleaser ;-) (or, list-pleaser). I
have said this publicly before. The only dissenting remark I make is
that while it is fine and good to focus in one layer as Carl is doing
-- one must not forget the environment of that layer....

The MCG discussions in which I participate center exactly on the
environment -- as the MCG intends to build an horizontal security
platform that ANY vertical application (eg, SPKI certs) can use in
order to do their things, as a certification lingua franca at the base
layers -- leaving the upper layers for the world (eg, SPKI, CAs,
X.509, SET, etc.) to worry about.

Thus, Meta-Certificates have the name Meta also because they do not
intend to be a finished part, but to provide building blocks for
vertical markets -- which represent much more than the horizontal
market plane, of course, but which can very much profit from a common
secure base.



Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
    --- Visit the Meta-Certificate Group at http://mcg.org.br ---