[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The role of trust in certification



-----BEGIN PGP SIGNED MESSAGE-----

At 01:21 PM 3/12/98 -0800, Tony Bartoletti wrote:
>>
>>I wish people would stop using the naked word "trust".
>>
>>US currency says "In God we trust".
>>
>>I can't think of any human I trust without qualification.  For people, I 
>>might say the words "I trust her", but I always finish those words with the 
>>thought "to ________" or "to be __________".
>>
>>This idea that we can establish trust or communicate it is a sample of
>>sloppy speaking, AFAIAC.  That's why we didn't call a <tag> "(trust ...)".
>>
>> - Carl
>>
>
>In the context it was written, I belive there was no particular
>implication that "absolute" or "unconditional" trust was meant.


Tony,

I'm sure that none of us is thinking of unconditional, unquestioned, 
unqualified trust when we use the word "trust" alone.  However, I believe 
that's a product of our completing these sentences in our heads, not with 
our keyboards or mouths -- as if the reader or listener could read our minds 
and complete the thoughts for us.

When we mean some qualified trust, then we need to state that qualifier -- 
not just think it.  Failure to do this allows folks like Louis Freeh
to say "well you trust this CA, so there's no problem letting it hold
your private keys for you" -- or for some CA salesman to establish that
his company's crypto is trustworthy and then claim you should be willing
to do business with anyone who has a cert from that CA because you
trust the cert.  This is just too loose -- moving from one kind of
trust to another and able to do so without an instant buzzer going
off because we have the habit of using the word alone.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNQhWrxN3Wx8QwqUtAQEnUgP/X+RTuHhL4lJYHFNAh/MihXV1RFhgUV1W
XfNnsiaWhUoHYz8K/r0TarnoXjTlrT5ZTAYL/zgffDJhOipg1CrMZTOqaYA+7GMw
FEDhc+CXW2+A+NSTg0gfAkC8d5Yj5i362vZtwmZWcebCwV6Zfp2Nj94rFfO5VMca
CHNtXaGdtQc=
=W5Gk
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References: