[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The role of trust in certification

Tony Bartoletti writes:
 > The observation was made in response to one of Ed Gerck's statements,
 > to the effect that a thing cannot be used until trusted.


Pardon. I said the very opposite... a thing is trusted because it works as

To wit, in the message that initiated this thread I discussed
"whether certificates are trustful because they certify, or certify
because they are trustful", with the following conclusions:

 Thus, for certificates, "trust is relative to the user" and
 "certificates are trustful because they certify" -- not the other
  way around. 

 The logical expression "certificates are trustful because they
 certify" has a far reaching consequence: that trust on the
 certificate will be transfered to the user not from the certificate
 itself (the objective view) but from the user's perceived assurance
 (which must be received from a different information channel than
 the certificate itself, such as legal reliance on a CA's CPS,
 friendship reliance on a PGP's web-of-trust or protocol reliance
 on the Meta-Certificate Standard) that the certificate will work
 as desired -- it will certify. 

I further re-enforced the concept that trust is usually earned by
performance, and not simply assigned:

 Therefore, one may say that a certificate is like a tool, that is
 trusted because it is expected that it will work, while trust is
 a result of the user's perceived assurance on a set of declarations.
 The role of trust in certification is thus to be earned, not
 merely assigned.

Therefore, there is NO chicken-and-egg issue here:

 >My response
 > intended to convey the chicken-and-egg nature of trust in the human
 > experience, how we come to trust one another (to do X, be Y, whatever.)

rather, trust is earned by each respective action and reaction.


Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
    --- Visit the Meta-Certificate Group at http://mcg.org.br ---

Follow-Ups: References: