
Re: The role of trust in certification


At 01:21 PM 3/12/98 -0800, Tony Bartoletti wrote:
>>I wish people would stop using the naked word "trust".
>>US currency says "In God we trust".
>>I can't think of any human I trust without qualification.  For people, I 
>>might say the words "I trust her", but I always finish those words with the 
>>thought "to ________" or "to be __________".
>>This idea that we can establish trust or communicate it is a sample of
>>sloppy speaking, AFAIAC.  That's why we didn't call a <tag> "(trust ...)".
>> - Carl
>In the context it was written, I believe there was no particular
>implication that "absolute" or "unconditional" trust was meant.


I'm sure that none of us is thinking of unconditional, unquestioned, 
unqualified trust when we use the word "trust" alone.  However, I believe 
that's a product of our completing these sentences in our heads, not with 
our keyboards or mouths -- as if the reader or listener could read our minds 
and complete the thoughts for us.

When we mean some qualified trust, then we need to state that qualifier -- 
not just think it.  Failure to do this allows folks like Louis Freeh
to say "well you trust this CA, so there's no problem letting it hold
your private keys for you" -- or for some CA salesman to establish that
his company's crypto is trustworthy and then claim you should be willing
to do business with anyone who has a cert from that CA because you
trust the cert.  This is just too loose -- moving from one kind of
trust to another and able to do so without an instant buzzer going
off because we have the habit of using the word alone.

 - Carl



|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |