[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The role of trust in certification

To: Tony Bartoletti <azb@llnl.gov>
Subject: Re: The role of trust in certification
From: "E. Gerck" <egerck@laser.cps.softex.br>
Date: Thu, 12 Mar 1998 19:31:08 -0300
Cc: Carl Ellison <cme@cybercash.com>, spki@c2.net
In-Reply-To: <3.0.3.32.19980312132141.00aa2150@poptop.llnl.gov>
References: <3.0.3.32.19980212153026.00a1e610@poptop.llnl.gov><Pine.LNX.3.95.980212191713.3584C-100000@laser.cps.softex.b r><9802121545.AA72094@watpub1.watson.ibm.com><3.0.3.32.19980312104002.00aa3ea0@cybercash.com><3.0.3.32.19980312132141.00aa2150@poptop.llnl.gov>

Tony Bartoletti writes:

 > 
 > The observation was made in response to one of Ed Gerck's statements,
 > to the effect that a thing cannot be used until trusted.

Tony:

Pardon. I said the very opposite... a thing is trusted because it works as
desired.

To wit, in the message that initiated this thread I discussed
"whether certificates are trustful because they certify, or certify
because they are trustful", with the following conclusions:

 Thus, for certificates, "trust is relative to the user" and
 "certificates are trustful because they certify" -- not the other
  way around. 

 The logical expression "certificates are trustful because they
 certify" has a far reaching consequence: that trust on the
 certificate will be transfered to the user not from the certificate
 itself (the objective view) but from the user's perceived assurance
 (which must be received from a different information channel than
 the certificate itself, such as legal reliance on a CA's CPS,
 friendship reliance on a PGP's web-of-trust or protocol reliance
 on the Meta-Certificate Standard) that the certificate will work
 as desired -- it will certify. 

I further re-enforced the concept that trust is usually earned by
performance, and not simply assigned:

 Therefore, one may say that a certificate is like a tool, that is
 trusted because it is expected that it will work, while trust is
 a result of the user's perceived assurance on a set of declarations.
 The role of trust in certification is thus to be earned, not
 merely assigned.

Therefore, there is NO chicken-and-egg issue here:

 >My response
 > intended to convey the chicken-and-egg nature of trust in the human
 > experience, how we come to trust one another (to do X, be Y, whatever.)

rather, trust is earned by each respective action and reaction.

Cheers,

Ed
______________________________________________________________________
Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
http://novaware.cps.softex.br
    --- Visit the Meta-Certificate Group at http://mcg.org.br ---

Follow-Ups:

Re: The role of trust in certification

From: Tony Bartoletti <azb@llnl.gov>

References:

Re: The role of trust in certification

From: Tony Bartoletti <azb@llnl.gov>

Re: The role of trust in certification

From: Uri Blumenthal <uri@watson.ibm.com>

Re: The role of trust in certification

From: Carl Ellison <cme@cybercash.com>

Re: The role of trust in certification

From: Tony Bartoletti <azb@llnl.gov>

Prev by Date: Re: Some comments on draft-ietf-spki-cert-theory-02.txt
Next by Date: Re: public key algorithm naming
Prev by thread: Re: The role of trust in certification
Next by thread: Re: The role of trust in certification
Index(es):
- Main
- Thread